This Knox Manage v21.6 release scheduled to go live on June 16, 2021 includes several improvements and enhancements to existing features and functionality.
The following features constitute the highlights of this release:
- Support for shared devices with multiple users
- Add Secondary Admin by E-mail Invitation
- Azure AD based login to KM console
- Application Deployment Scheduling
- Support additional MDM policies for iOS devices
Android Enterprise enhancements
Shared device for multiple users
Starting with the KM 21.6 release, IT admins can set up devices so that multiple users can share the same device. This feature is particularly useful for devices that are used by visitors, guest users, or shift workers. This feature is available for all Samsung tablet devices and non-Samsung mobile devices running Android 9 OS or higher.
To set up a shared device, do as follows:
- On the KM portal's left hand navigation menu, User > on the User page that opens > click Add. Follow on-screen instructions to create a new Staging user. The IT admin provides the login credentials created at this stage to the device users. Depending upon your needs, select one of the following two options:
- Temporary: Choose this option for guest or visitor users. All the data including installed applications are deleted from the device when the user checks out of the device.
- Persistent: Choose this option for shift workers. All data and installed applications are retained even when the user checks out of the device.
- Once you create a Staging user, return to the User page > click the checkbox next to the device to select it and click Request Enrollment. KM sends an email to the Staging user's email address with a link to the installation guide. The Staging user follows instructions to enroll the device.
- When the device is handed to a Temporary or Persistent user, the user checks in to the device with their login credentials. After they finish using the device, they can check out of it. Depending upon the user type selected when creating the Staging user, the data on the device is either deleted or retained.
- The IT admins can send further instructions to control the network and other UI options available to the shared device using the Device Settings page. To go to this page, on the Knox Manage console, go to Settings > Configuration > Staging and Shared Device.
The shared device also has an option to Exit Shared Device Mode that the device user can use to exit out of the shared mode in case of emergencies or issues with the shared device mode. To exit the shared device mode, the device user uses a passcode that is given by the IT admin. Once all the issues are resolved, the IT admin can apply the shared device mode again using the Device Command functionality.
Password related enhancements
- Work Profile password compliance improvements—Until KM v21.4, when the device user creates a password for the Work Profile that does not comply with the minimum password requirements set by the IT admin, all apps in the Work Profile are hidden. Staring with this release, all apps—except essential apps like Knox Manage—are suspended. Suspending the apps, as opposed to just hiding them, offers greater security since unauthorized users cannot gain access to any Work Profile data.
- Increase in Wi-Fi password character limits —Until KM v21.4, you could enter up to 63 characters as the Wi-Fi password. Starting with this release, you can enter up to 100 characters.
Resolving Managed Google Play account issues
Devices with Managed Google Play (MGP) account issues are now shown with a security alert icon. IT admins can monitor the devices with issues and sync a new, and issue-free Managed Google Play account to the device using the Device Command page.
Knox Service integration
Add a secondary admin using an email invitation
Starting with this release, if the IT admin is logged in to KM using their Samsung SSO credentials, they can invite other secondary KM admins—such as super admins, sub-admins, service admins, or read-only users—using an email invite. This functionality is similar to the KCS process to invite users.
The process to invite a secondary KM admin works as follows:
- On the KM portal left hand navigation menu, go to Settings > Administrator > Add. If you are logged in using your Samsung SSO credentials, you see the Administrator page as described in the next step.
- On the Administrator page, enter all relevant information, and click Invite. When prompted, click OK.
- If the email address entered on this page is correct, the target device user receives an email notification. When the email recipient clicks this link, the Verify your Samsung Account details page opens where they can verify their Samsung Account details.
- The user then enters the appropriate details to create their new Samsung Account.
- Upon successful completion of the account creation process, the Knox Admin Portal opens to show all relevant KCS services in a single unified portal.
Azure AD based SSO login
Starting with this release, IT admins can access the KM console from the Knox portal if they are logged in using an Active Directory account. The KM direct login page now includes a Sign in with AD option.
Application Deployment Scheduling
Starting with this release, the IT admin can schedule the deployment and installation of MGP or Internal applications on the device at a specific time. If necessary, the IT admin can also deploy or install the apps manually using a device command.
The following restrictions apply to this improvement:
- This feature is supported only for MGP or internal Android apps.
- IT admins can set the scheduled deployment time for a specific date, and in 30 minute increments any time after 30 minutes from the time when they are creating the automatic deployment schedule, that is, the current time on the KM console.
App Lock usability improvements
The App Lock feature was improved to allow IT admins to select an app without entering the app's bundle ID. If the Application Block or Allowlist Settings are set and an app lock setting is applied to one or more apps, the App Lock app is automatically added to the Allowlist.
Add support for additional MDM policies
This release adds support for the following additional MDM policies in the Security, Application, Phone, Interface (new policy category), and the System category under Profile.
For KM consoles with the EU locale settings, due to tightened regulatory compliance with GDPR, IT admins are now prompted to agree to collection of cookies from the KM console. If the IT admins do not allow the collection of cookies, features such as saving sign-in information and Do not show again functionality for notification dialog boxes does not work properly. The notice of cookie collection is shown to the IT admins when they log in to the KM console for the first time after the KM 21.6 release.
IT admins can either click Accept and Close to allow all cookies, click Personalize to go to a screen that allows them to manage individual items, or click Continue without Accepting to dismiss the dialog and continue with the task at hand. IT admins can also change this selection on the login page using the Manage Cookies link.
Other improvements and enhancements
This release also includes the following improvements and enhancements to other features.
- Limited Enrollment UI improvements: The Limited Enrollment page now features option buttons for Device type, that is Devices and KME Devices. This option is available on the KM console under Settings > Android > Limited Enrollment.
- Limited Enrollment OpenAPI: This release includes the following open APIs:
- Get Limited Enrollment: /oapi/limitedEnrollment/selectList
- Create Targets: /oapi/limitedEnrollment/create
- Delete Targets: /oapi/limitedEnrollment/delete
- Get Limited Enrollment: /oapi/limitedEnrollment/selectList
- Additional characters for push notification messages: Until KM v21.4, push notification messages had a character limit of 30 characters. Starting with this release, push notification messages can contain up to 80 characters.
- Device Detail Report improvement: The Device Detail Information report now contains an additional field called Last Connection Date. (LAST_CONNECTION_UPDATED)
Resolved issues and improvements
- [KMVOC-10584, 00215862] KM for POLKOMTEL :Problem with installing certificates. (HOTFIX)
- [KMVOC-10562, 00215662] Internal app auto update failed and console > application > app shows communication failure (HOTFIX)
- [KMVOC-10561, 00215501] Unable to send App Install command for organization sub-admin in KNOX Manage (HOTFIX)
- [KMVOC-10605, 00216213] Can't install/update Meideas (HOTFIX)
- [KMVOC-10602, 00216343] cannot update BIZFast app even after BIZFast app uploading (HOTFIX)
- [KMVOC-10614, 00214913] Zonar complains about inaccurate Ram usage in KM dashboard
- [KMVOC-10540, 00215038] Unable to Modify Application
- [KMVOC-10525, 00214786] Make search non-case sensitive when adding users to group
Your blog post content here…