The following are the new features and enhancements introduced with this KCS 1.27 release.
Knox Mobile Enrollment (KME)
1. QR code enrollment (Android 10 devices only)
This release introduces QR code enrollment as a fourth device-side enrollment option for Android 10 devices in addition to existing Bluetooth, NFC, and Wi-Fi Direct options. A QR code is a unique matrix barcode containing information about the item to which the QR code is attached.
The QR code enrollment process begins with a device plus-sign (+) gesture that activates the device’s camera in QR code recognition mode. Once a QR code is recognized, a Wi-Fi connection is made and enrollment begins. If there are no Wi-Fi credentials within the QR-code, then the device user is prompted to provide them, as these are the Wi-Fi connection credentials used during device enrollment in Device Owner (DO) mode.
The QR code profile configuration is defined within the KME console’s Device Owner profile settings screen by selecting the ADD QR CODE button that is only available for Android 10 devices.
By default, the QR code is only used for devices uploaded by resellers. However, there is an option for other non-reseller uploads as well to reduce the dependency of reseller involvement and the use of the Knox Deployment App (KDA).
If adding a Wi-Fi network configuration to the QR code, define the security option as either None, WEP, or WPA/WPA2. The QR code contains the profile ID, country, and an optional Wi-Fi SSID and password, all in a non-encrypted JSON format. Consequently, QR codes should only be shared with trusted admins.
The Samsung Knox team recommends enabling wireless isolation on the network’s access point or router resource when adding a Wi-Fi configuration to a QR code. Enabling wireless isolation restricts a wireless computer from accessing other computers connected to the local network, effectively isolating that device on the network. The means to enable wireless isolation differs depending on the router or access point manufacturer. Refer to the documentation available from the manufacturer for their specific instructions on enabling wireless isolation.
Once all the mandatory fields are populated, select ADD to include the QR code with the profile. The QR code is generated once the profile is created.
2. Search option added to role column filter within Administrator & Roles screen
To date the KME console’s Administrators & Roles screen did not have a filter and sort option within the screen’s Role column. Both the Knox Configure and Knox Guard consoles have this filter option, so it’s important for customers that this filter option be available within the KME console as well.
To address this issue, a filter option has been added to the KME Administrators & Roles screen.