Please refer to the below list of new features and improvements to be released with Knox Manage version 2.1.5 scheduled for Friday, the 23rd of November 2018.
- Android Enterprise Support
- Getting Started UI/UX Update
- Profile Access Management for Sub-admins
- Remote Support Tool Enhancement (No 6-digit Code)
1. Android Enterprise Introduction
Knox Manage v2.1.5 is the first version to support Android Enterprise. Most of the major features are supported from this release, yet some of the rest features are coming soon.
Please refer to the Android Enterprise Support in the last part for more details.
2. Getting Started UI/UX Update
Quick start wizard is replaced with ‘Getting Started’ to maintain consistent Look & Feel with the other Knox cloud services such as Knox Configure.
The tasks are listed based on the main scenario groups - Enroll, MDM, MAM, MCM and Setup. The “Start” buttons of each task will redirect IT admins to the dedicated menu links.
In the later release, we will provide FAQs under the each task menu and additionally include advanced use cases such as AD/LDAP user integration or Cloud Connector.
3. Profile Access Management of Sub-admins
Super admin can assign sub-admins with specific access to selected MDM/MAM profiles from the Administrators list in the admin console.
- Click ‘profile setup’ icon after creating admin (Setting > Admin Console > Administrators)
- Assign MDM/MAM profile accesses to each sub-admin
4. Remote Support Tool Enhancement
From this release, end users do not have to enter 6-digit code to receive remote support, if the user turned on “Allow Admin to run” option from the app (by tapping the icon). If the setting is on, IT admin can remotely initiate Remote Support Tool without end user’s consent.
This enhancement has been made especially for transportation use cases, where the drivers had pull over their trucks to enter 6-digit code if were to receive support.
5. Marketing Name Supports
Previously, Knox Manage console displayed the device list only by the model codes, such as SM-G955F and MN8X2KH.
From this release, the device list will also show the marketing names along with the model codes for Samsung and Apple devices. For example, Galaxy S9 Plus (SM-G955F).
6. Check ‘Last Seen’ (Connectivity) at the device list
‘Last Connected’ term in the device list has been modified with ‘Last seen,’ which is the menu to show when was the last communication between the KM server and the device agent.
The time is shown either in red or green arrows according to the predefined policy value at ‘Based on Last Seen (time)’ under Setting > Configuration > Category : Device. The default is set at 24 hours; if the last connection was 24 hours ago, red arrows will appear.
7. Create app shortcut on Home Screen
IT admin can create shortcut icon at Home screen when installing internal app by checking to Use “Create a Home screen shortcut during app installation” option in application profile in Profiles > Application Management Profiles.
8. Priority setup between device command and profile
Even if policies are already applied, device command has higher priority than the profile policy. For example, even if power off option is disabled by MDM profile, IT admin can still reboot the device by executing ‘Reboot device’ command.
Now there are three exceptions not following the above priority setting - Location profile, App-related profile, and Micro SD card factory reset – per reasonable scenarios as below.
- Location policy relates with Privacy issue. If end user did not agree with the sharing of location information, Admin should not be allowed to gather.
- If an app is blacklisted, the app cannot be installed; even if it were installed, the app would be automatically deleted instantly. Hence, the blacklisted app cannot be run through device command.
- In Micro SD card case as well, two conflicting policies will not work. For example, to send device command to factory reset and initialize SD card when the use of Micro SD card is disallowed in profile.
9. Minor UI/UX updates
KM agent session
- When agent login credentials were changed, the KM agent would be automatically logged out from the existing session. From this release, the session will be kept (not logged out) even if IT admin changed end user’s password to remedy the use case where many devices are enrolled to a single user ID.
Alert shows two events by default
- Only two critical events – Security Violation and Changes in Device Status - will Alert IT admin in the default setting.
Un-enrollment by end user
- End user can unenroll device by themselves without admin’s command so long as ‘Allow deactivation request’ is set allowed; the option is available under Application Profile > EMM Client at the admin console.
Policy summary view on the device side
- Admin can choose whether to show Policy summary in the KM agent or not from EMM Client Policy menu in Profiles à Application Management Profile à EMM Client Policy.
Workspace creation option is deprecated, so the folder type is applied by default.
10. Android Enterprise Support
The major features included with this release are:
- Managed Device (and enrollment by KME, Identifier, QR code)
- Work Profile (and enrollment by KME and generic registration)
- Managed Google Play Store (public/private app deployment)
11. User interface search function improvements
Currently, users may not know how the search function optimally works within the Knox Configure console. The console’s search capabilities are case insensitive within most tables, but case sensitive in some tables, such as the Devices tab, since the vast number of devices require case sensitivity. A partial match search is supported for each search parameter, but an exact match is applied to a device IMEI/SN. Additionally, a blank space between search keywords means an AND condition
The following are the tabs within the Knox Configure console, and the searchable columns or parameters within each. These will be better described in the Knox Configure User Guide beginning with this release:
- Profiles – PROFILE
- Devices > UPLOADS – RESELLER
- Devices > DEVICES - DEVICE ID, PROFILE, MODEL, TAGS
- Devices > DEVICES Device deletion log - DEVICE ID, MODEL, ORDER NO., DELETER
- Licenses - LICENSE NAME, KEY
- Applications - Application name, Package name, Description
- Administrators - ADIMINISTRATOR NAME, EMAIL
- Activity log - NAME, CATEGORY, EVENT, DESCRIPTION
Knox Manage Android Enterprise Support
Google provides two modes of Android Enterprise, Managed Device and Work Profile.
- Managed Device is to manage CL (Corporate Liable) devices those owned by the enterprise. When device is enrolled as Managed Device, IT admin has the full control over the device; the agent sits as Device Owner (DO) of the device.
- Work Profile is BYOD (Bring Your Own Device) case, where end user owns the device and uses it both personally and for work. The agent sits inside the container area as Profile Owner to separate work apps from personal apps. IT admin can control the work area only, and has no visibility over personal area.
Non-AE Android features, which we named as Android (Legacy) in the console, continue to be supported. When adding organizations or users, IT admin will select the activation type.
- Knox Manage V2.1.5 includes features of both Fully Managed Device and Work Profile. Major policies of Android Enterprise type are supported as below.
EMM Registration for KM Android Enterprise
Prior to utilize Android Enterprise services on Knox Manage, IT admin must register gmail account and EMM information with Google Server through Knox Manage by Google policy.
KM provides Managed Google Play Account Sign-up for that in Settings à Android à Android Enterprise as the screenshot. Once clicked “Register EMM” button, IT admin will be redirected to the page to sign in to Google Play.
Managed Google Play Store (App Deployment of AE)
Managed Google Play Store is the enterprise version for Google Play Store which allows to select, purchase and manage apps for the organization. IT admin can create a list of approved apps and manage updates.
Managed Google Play on Knox Manage supports deployment of both public and private apps. And there are two ways of providing private apps – Google hosted (application should be uploaded to the Managed Google Play) and Self-hosted (without uploading the internal app to Google server).
Knox Manage V2.1.5 only provides Google hosted for now, and Self-hosted will be available from the next year.
- [00152891 / KMVOC-7288] Kiosk Browser Mode Issue - new url cannot be applied to device as a main page
- [00152324 / KMVOC-7296] Can not install Chrome inside legacy container (pre O devices)
- [00149582 / KMVOC-7308] App is Installed into knox container after10mins.
- [00152596 / KMVOC-7318] - Knox Manage Bookmark issue
- [00151598 / KMVOC-7324] Deployed APN-username is not shown in settings.
- [00154132 / KMVOC-7334] Knox container removed on multiple (50+) devices after 2.1.4 release
- [00154310 / KMVOC-7339] Knox Manage profile configuration issue
- [00154420 / KMVOC-7345] Agent inside the container not configured
- [00154258 / KMVOC-7350] Unable to copy device management profiles
- [00154828 / KMVOC-7380] app catalog problem with internal app without UI
- [00155177 / KMVOC-7386] Workspace license expired but license is valid
- [00154020 / KMVOC-7422] NFC block
- [KMVOC-7434] Enrollment fails when USB exception policy is set