December 3, 2020

What's new in Knox 3.7

Samsung Knox Team

The latest Samsung Knox 3.7 release features Android 11, which offers both:

  • greater privacy to consumers using personal apps on company devices
  • sufficient controls to enterprise IT admins to protect corporate assets

The Knox 3.7 platform is built into the firmware of new Samsung flagship devices, and will be installed on existing devices following the release schedule of mobile service providers. Let’s dive into the new features!


Work profile on company-owned devices

As you may be aware, Android 10 introduced extensive changes to protect user privacy and give users more control over the personal data that apps could access. Android 11 further enhances privacy, on corporate devices that are enabled for personal use.

Specifically, Google has replaced the device management mode called fully managed device with work profile (also known as Corporate Owned Managed Profile or COMP) with work profile on company-owned device.

The UEM apps used by enterprises to manage their devices no longer have device owner privileges over the personal profile, but instead have elevated profile owner privileges to protect corporate assets in the personal side. For more about these changes, see Device management modes, Work profile on company-owned devices, Android policies in the personal side, and Knox policies in the personal side.


Separated apps

Some enterprises still need full (device owner) control over a device, while enabling users to install third-party business apps. For example, enterprises might need: password reset on the device, Mobile Threat Defense in user0, general visibility and control of DNS filtering, APN, and so on. In these scenarios, you can use Separated apps, which isolates third-party apps in a sandboxed folder. The third-party apps cannot intercommunicate with work apps or access confidential work data. See how to use the Knox Service Plugin to set up Separated apps.


Deep Settings Customization

This release expands the list of deep settings introduced with Knox 3.4, delivering options to configure the following Settings through the Knox Service Plugin.



Side key setting

The new Side key, which combines the Power and Bixby keys, can be configured for the events: double press and press-and-hold. The Side key can be also enabled or disabled.

APN change disabling

The change of the Preferred APN can now be disabled after an IT admin sets the APN settings.

Dual SIM management

Devices with dual SIMs can now configure preferred SIM cards for each call, SMS, and data. While the SIM manager is configured through deep settings, the e-sim menu will be disabled automatically.

Each KSP release introduces additional deep settings so you are encouraged to browse the KSP release notes for all the latest capabilities.


Lock screen enhancements

This release offers several customer-requested enhancements to the lock screen:




Admin lock on Knox license expiry

When a license is expires, the device or the profile is immediately admin locked from a security and management point of view.

The users can use the existing device or profile under the policies.

Admin lock on maximum failed passwords

The device is admin locked when a user fails 5 times (assuming the maximum failed password count is 5).

The profile (PO) will be admin locked or wiped instead of device locked when user fails 5 times.

Face unlock for work profile

Lack of face unlock to open a work profile.

Face authentication is allowed for the profile owner. To enable or disable this feature, use the existing API method setBiometricAuthenticationEnabled.

Advanced access control for work profile

Once a device owner unlocks their work profile, unauthorized users can easily access the data inside the profile at any time.

When a non-registered device user (who is not the owner) is detected, the profile is locked automatically base on face authentication. To enable or disable this feature, use the Knox Service Plugin.


Bug fixes and feature enhancements

The release fixes the following customer-reported bugs:




Ownership transfer for DPM

In the case of a profile owner, a work profile is removed when an IT admin tries to transfer ownership using the API method DPM.transferOwnership.

Ownership migration is now supported

Filter data traffic for tethering using Firewall

Samsung devices provide an enhance Knox firewall, but the policy does not affect tethered devices such as laptops and tablets.

The Knox firewall policy now includes tethered devices.

Ultra-wideband control

UWB was introduced with the Galaxy Note20 but IT admins could not control it.

New API methods allow UEM partners to add an enable/disable feature to consoles.


Keep exploring…

We encourage you to learn more about Knox.

If you're new to Knox, browse our White Paper Whitepaper Find out about the Knox Service Plugin, and how it delivers new features on the day of release Learn about our entire Knox Ecosystem, and how our services ease mobile deployments


We are already working on the next Knox platform release, and adding new features that will help you deliver the most compelling enterprise solutions. Stay tuned!

[Icon] close

Get the right solution for your business

Join 25,000+ organizations around the world.

[Icon] suitcase
Are you a reseller or solution partner?

Get access to the Knox Partner Program for helpful partner tools, such as the Knox Deployment Program portal, Knox MSP portal, partner SDKs, and more.

[Icon] info
Unified Endpoint Management
Knox Suite
Rebranding and customization
Knox Configure
Fraud and theft protection
Knox Guard
Device protection plan
Samsung Care + for Business
Other products & services

Get started with

[Image] Knox Suite

All-in-one solution bundle for enterprise mobility.

[Icon] Check mark

Join us and get a 90-day free trial for Knox Suite and other Knox products. *Approval required

[Icon] Check mark

A complete set of tools to secure, deploy, manage, and analyze your enterprise's corporate mobile devices.

[Icon] Check mark

Try powerful features bundled with Knox Suite, such as Knox Remote Support.

Knox Suite include:

[Icon] Knox Platform for Enterprise Knox Platform for Enterprise
[Icon] Knox E-FOTA Knox E-FOTA
[Icon] Knox Mobile Enrollment Knox Mobile Enrollment
[Icon] Knox Asset Intelligence Knox Asset Intelligence
[Icon] knox manage Knox Manage
[Icon] knox capture Knox Capture

Get started with

[Image] Knox Configure Logo

Remotely configure Samsung devices in bulk and tailor them to specific needs, right out of the box.

[Icon] Check mark

After approval, you can try both the:

  • Setup edition — designed for a one-time deployment
  • Dynamic edition — deploy and update policies as many times without a factory reset.
[Icon] Check mark

Try either the Setup edition or Dynamic edition of Knox Configure on up to 30 devices.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Icon] Knox Guard Logo

Remotely control Samsung devices to reduce financial risks and protect assets.

[Icon] Check mark

After you get approved, generate your free trial license for 90 days.


Try all the features of Knox Guard on up to 30 devices, including SIM control and device locking.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Image] Samsung Care Plus For Business Logo

Protect your business devices against accidental damage and mechanical breakdowns.

[Icon] Check mark

Are you already a Samsung Care+ for Business customer? Create an account and access the Samsung Care+ for Business console.

[Icon] Check mark

Contact the Samsung sales team and get peace of mind for your devices.

Other products & services

[Image] Others logo
[Icon] Check mark

Samsung offers additional solutions to serve the unique needs of your business. Talk to a Samsung expert today.

Back to top