For several months now, Samsung has collaborated closely with Google and EMM solution providers on the upcoming Android 11 update, which has a significant impact on a wide range of Knox and EMM services. Please read this blog post carefully to avoid issues when you deploy Android 11 on your devices. This blog post covers the following areas:
- Background: Google’s changes in Android 11
- Changes in Knox services
- EMM recommendations
Background: Google’s changes in Android 11
As you may be aware, Android 10 introduced extensive changes to protect user privacy and give users more control over the personal data that apps could access. Android 11 further enhances privacy on corporate devices that are enabled for personal use.
Specifically, Corporate Owned Personally Enabled (COPE) devices will be enhanced to protect user privacy. In Android 11, Google no longer addresses COPE through the fully managed device with work profile mode (also known as Corporate Owned Managed Profile or COMP). Instead, customers can deploy the work profile on company-owned devices, which offers the same privacy protections employees enjoy on personally-owned devices along with added device controls like asset management tools and personal usage policies. The goals are twofold:
- Offer greater privacy to the end user.
- Offer the right level of control to the IT admin to manage corporate data and assets.
For instance, to preserve user privacy, enterprises that deploy the work profile on company-owned devices can no longer mandate the installation of apps in the personal profile. To keep devices in compliance with IT usage policies, they can instead create allow and block lists that dictate which apps users can install for personal use. You can find information about this in the recent work profile article on the Android Enterprise blog.
For more about these changes, please see:
A reminder, too, that Google deprecated the device admin (DA) management mode in Android 10. By November 2, 2020, Google requires app updates to target API level 29 (Android 10). From this date onwards, app updates will also start throwing exceptions if they call the four deprecated DA policies. For more about these changes, please see:
Changes in Knox services
The Android 11 changes have a wide-ranging impact on Knox Platform features and cloud services.
Read the following linked content carefully to ensure a seamless transition to Android 11 and avoid any service disruptions.
With the fully managed device with work profile mode being deprecated in Android 11, Samsung exclusively offers a new option called Separated apps, which gives enterprises full (Device Owner) control over a device and gives device users the ability to install authorized third-party business apps (like flight, hotel, or ride-sharing apps) in a folder that’s securely isolated from other work apps.
- Knox Audit Log
- Knox DualDAR
- Knox firewall and domain filter
- Knox global proxy
- Knox Network Platform Analytics (NPA)
- Knox Sensitive Data Protection (SDP) and Samsung Email
- Knox Service Plugin (KSP)
- Knox VPNs
- Universal Credential Manager (UCM)
Knox cloud services
For complete details, read Prepare Knox for Android 11.
Depending on each EMM solution provider’s readiness, the supported schedules for the Android 11 update and the supported management modes will differ. For detailed information about each EMM solution, please refer to vendor articles such as the following:
- BlackBerry: BlackBerry UEM support for Samsung devices running Android 11
- Citrix: Changes ahead for Android Enterprise’s Fully Managed with Work Profile
- Microsoft: MS Endpoint Manager Support for Android 11
- MobileIron: Android 11: Striking the right balance between privacy and asset management
- Samsung: Knox Manage support for deprecated device modes in Android 11
- SOTI: What’s New In SOTI MobiControl v15.2?
- VMware: [URGENT] Changes to Corporate Owned Personally Enabled (COPE) in Android 11
If, after reviewing the content linked above, you still have questions or issues, always feel free to reach out to us for support. If you are: