Currently, when an error occurs during device enrollment, the enrollment process stops, regardless of the error type, and a failure is reported to the KC server. The current messaging is often inadequate to properly define the scope and severity of the issue that is stopping enrollment.
This implementation of this feature enables IT admin to better distinguish and categorize errors and warning messages during enrollment. Enrollment now continues when a warning occurs, but stops when an error occurs. The device log now has better descriptions and links to specific warnings and error conditions.
To date, when Knox Configure updates a device and the device’s ProKiosk mode has already been set by a customized app other than Knox Configure, a failure occurs regardless of the normal or ProKiosk mode profile type. However, if a normal mode profile is used, the Knox Configure update can be completed without a conflict with ProKiosk mode. To remedy this situation, a Knox Configure normal mode profile is now compatible with ProKiosk mode using a customized app with cSDK without a failure.
To date, a license can be entered only if the Knox Configure License name is unique to all customers. However, there is no way for a user to know if name is truly unique across all customer deployments. To remedy this problem, the License name duplicate check logic has been revised from all customer deployments to an individual customer's pool of licenses.
To satisfy a customer request, a second APN resource with the same APN resource parameters (name, apn, mcc, etc.), can now be configured and entered within the Knox Configure console. While adding multiple identical APN resources has been supported on the device-side for some time, it is only with this current release that an identical APN resource can be defined and made available within the KC console.
Currently, the Home screen grid options do not provide enough customer preferred choices. As a result, new 4x6 and 5x6 options have been included to provide administrators a better selection for a growing set of supported device models (such as the new GalaxyS9+) . Additionally, the grid selection drop-down menu has been moved into the Device screen preview field for better logical placement of the grid selection option.
This enhancement permits numerous bulk configuration operations within the KC console using a CSV file. Bulk configuration operations include assigning and un-assigning profiles, device deletions, locking devices, unlocking devices, and adding tags. To bulk configure devices, navigate to DEVICES and select BULK ACTIONS. Follow the directions on the right-hand side of the screen for preparing a CSV file with one device ID per row then add the CSV file into the portal.
In response to requests from both our internal and external user communities, this enhancement enables a Locked or ProKiosk mode device to remain in its current locked state or kiosk mode, even after the device profile is unassigned. To date, when a profile is unassigned from a locked or kiosk mode device, the locked state or Kiosk mode is released.
The Model field has been removed from profiles. Therefore, one profile can be assigned to different models types and users do not have to create a separate profile for each model. This also enables future profile enhancements such as "auto-profile-assignment".
To date, when an IT admin pushes an updated configuration profile, all devices or selected devices assigned to that profile can receive the configuration update. With this enhancement, an IT admin can select individual devices for push updates from the portal’s DEVICES tab. This helps admins update just those specific devices intended for an update, and exclude those devices that are not.
To date, when an IT admin pushes an updated configuration profile, each device utilizing this specific profile receives the update, whether intended or not. With this enhancement, an IT admin can select individual devices for push updates from the portal's PROFILES tab or at the time of profile modification. This helps admins update just those specific devices intended for an update, and exclude those devices that are not.
To date, KC permits just the package name for an application shortcut. However, some apps (like contacts) include several activities and appear as independent apps to device users. With this release, support is now available for providing an activity name when creating a shortcut. The KC agent will fail however if the shortcut is provided as just an activity name, since the client validates the entire package name string (for example, com.samsung.android.contacts.com.android.dialer.DialtactsActivity). As an interim solution, the KC agent checks if an activity name exists before passing it as a package.
To date, the Home screen index started from 0 in Galaxy S8 and later model devices. With other models, if the zero page is disabled, the home screen starts from 0. However, if the zero page is enabled, the home screen starts from 1. To remedy this situation, the home screen index is adjusted for better consistency for both shortcuts and widgets, regardless of the presence of a Zeropage.
In response to requests from both our internal and external user communities, this enhancement enables a Locked or ProKiosk mode device to remain in its current locked state or kiosk mode, even after the device profile is unassigned. To date, when a profile was unassigned from a locked or kiosk mode device, the locked state or Kiosk mode was released.
Currently, there is no on/off setting in the Knox Configure portal for Bluetooth discoverable mode, only a means to either enable or disable Bluetooth. Discoverable mode is a Bluetooth device state that enables Bluetooth devices to search, connect and transfer data amongst other Discoverable mode enabled Bluetooth devices. The addition of Bluetooth discoverable mode with this release is just for Dynamic edition Knox Configure profiles in either Normal or Kiosk mode.
If an IT admin disables Bluetooth discoverable mode, the discoverable mode remains off even if the device end user enables Bluetooth on their device. If an IT admin wants to turn on Bluetooth discoverable mode on an end user’s device, they uncheck the Disable Bluetooth discoverable mode option in Knox Configure. Once enabled in Knox Configure, discoverable mode remains on, even if the end user turns off Bluetooth on their device.
To date, there is no parameter to differentiate Enterprise Edition profiles within the Knox Deployment App. To resolve this confusion, the Knox Deployment App now correctly lists Setup, Dynamic or Dynamic EE as the profile type to better categorize profile types.
Currently, the Knox Configure Feedback form is frequently used by customers to report technical issues with the portal, as opposed to a form for general feedback to improve their Knox Configure portal experience. To resolve this issue, links have been added into the Feedback form to route customers to the proper Support resources for filing a ticket. This update keeps the feedback form dedicated to portal improvements and not a resource for filing and escalating individual customer support issues.
This feature enables an IT admin to define an application as a device kiosk mode home activity. ProKiosk mode requires the home activity support and run a single application.
From the Home & Lock screen's Home activity drop-down menu, select the + Add a pre-installed application option. The resulting pop-up allows a user to enter a valid package name in the input field. Once submitted, the provided application is available for selection within the home activity drop-down menu.
To date, only active KLM keys could be added within the Knox Configure console. Consequently, inactive KLM keys could not be added and registered to a Knox Configure server before their actual activation date. To satisfy customer requests, an IT admin can now add a new KLM license (but not an inactive license) before its actual SLM activation date, enabling the admin to optimally register the license and assign a profile and devices before the license activation date. A pop-up warning message will be included to communicate the activation date for the license has not yet started.
With this enhancement, an IT admin can customize a ProKiosk device's keyboard settings by turning On/Off predictive mode or enabling/disabling keyboard settings.
The Predictive mode setting and Keyboard setting options function independent from one another, so there are no constraints on using these options together.
Related API options are available within Knox Customization SDK.
To date, when a device lock is applied, there was no option but to make a call to the number predefined by an IT admin. This posed a significant problem for users in an emergency, since they may not be able to reach out to an appropriate emergency responder.
The new EMERGENCY CALL button provides a means of contacting a default emergency resource when a device PIN cannot be provided and the device unlocked.
The following KC console enhancements are included in this release:
This feature enables a CRL for MPS Server to support CC mode enabled devices. CC mode support is often a requirement with government and other highly secure deployment environments. One of CC mode's mandates is a certificate revocation list (CRL) for CA certificates. To support CC mode, Samsung is adding a CRL to a MPS self-signed certificate maintaining backward compatibility.
To date, if a device is configured and its assigned profile is changed, a profile push update is made regardless of the profile's edition. New rules now restrict Setup edition profiles from receiving a push update. A dynamic profile can still push update another dynamic edition profile, and a setup edition profile can push update a dynamic edition profile. However, a setup edition profile can no longer update another setup edition profile , nor can a dynamic edition profile push update a setup edition profile.
A lock menu is now available for devices configured with a dynamic edition Knox Configure profile, and is no longer available for devices utilizing a setup edition profile. If some of the selected target devices are currently assigned a setup edition profile, the device's Lock menu is disabled until just dynamic edition devices are selected for update.
This support provides an extension of the existing Samsung Enterprise Edition devices available to use Knox Configure. Knox Configure now supports Note 8 Enterprise Edition devices in Germany and the USA. To date, on the S8 has been supported. This new S8 support is retroactive to the October 2017 Knox Configure release.
To optimally display widgets on a device's home screen, widget related information can now be extracted from the APK for in-house applications (non Google Play apps). Extracted widget properties include minHeight, minWidth, minResizeWidth, minResizeHeight and resizeMode.
When uploading in-house apps, a preview image is extracted and displayed.
This enhancement addresses our IT admins' request to have the device end user complete KC enrollment without touching the device's FINISH or RESTART button. To satisfy this request, the device's FINISH button remains as it is today, but a new 5-second timer displays under it. If there is no input from the user for 5 seconds, the device automatically moves to its home screen. In ProKiosk mode, a message will display stating the device will restart in 5 seconds, then reboot automatically.
This enhancement enables a device user to make a call to the phone number displayed in the device's lock screen when they touch the number. Additionally, the device can now send an Email to the Email address displayed in the lock screen when they touch that email address.
This enhancement supports system integrators and IT admins who want to allow specific URLs in ProKiosk mode, and restrict specific URLs on an end user's device. URLs must start with http://, https://, or ftp:// to be whitelisted or blacklisted successfully using an application URL restriction.
The Applications field is mandatory for ProKiosk and normal mode profile support.
To optimally report and display the number of locked devices in the Knox Configure portal, new column items and color codes are available within the portal's Dashboard and Customization trend graph to visually report, trend and distinguish when devices are locked in Knox Configure.
To support Bluetooth enrollment, an IT admin can install the KDA on a dedicated admin (master) device and select specific profiles. A device user triggers Bluetooth enrollment by booting or factory resetting their device. If the user's device is within proximity of the admin's device, the user device connects to the admin device wirelessly via Bluetooth without a PIN or password requirement. The user enrolls using the profiles defined on the admin device. For more information, refer to the Knox Developers APP KDA User Guide located within the User Guide folder.
With this APN enhancement, IT admins can now set a wearable's APN configuration Name, APN protocol (IPv4, IPv6) and MMSC. Once the APN configuration is added and applied, these new variables display in the APN list.
This enhancement permits system integrators and IT admins to save content on their end users' wearable device within a dedicated Contents folder. With this feature, an IT admin creates a dynamic or setup edition profile and selects files to save within the folder from the Knox Configure portal. The IT admin the associates devices with the profile. The IT admin then verifies the target files are saved within the device's Contents folder.
The existing factory reset option in the KC portal's Actions menu is now available to KC enrolled wearable devices using a dynamic edition profile. This allows wearable devices, when need be, to be factory reset and enrolled again.
This feature enforces only https formatted links be used in EULAs, as opposed to less secure http formatted EULAs.
Admins can now assign a profile to a previously configured device and update a device's profile via a push notification. As a result, IT admins can now switch device profiles with ease, whereas previously a device had to enroll again via a factory reset or Get Latest Profile button.
A device profile push can be completed by the user pressing FINISH or after a 5-second timer expiration. Going forward from this release the FINISH and RESTART buttons still display, but there is a new 5-second timer under them to complete the action with less user input. If there is no user input after the 5-second countdown, the device screen automatically moves to the device home screen or restarts. This feature reduces the labor required with large deployment profile pushes, where the FINISH or RESTART button must be selected on each device.
A new checkbox option has been added into the Device Settings portion of the profile creation interface enabling admins to set device auto power off capability when a device is disconnected from its power source, regardless of the Knox version the device is utilizing. This enhancement is available for both setup and dynamic edition profiles. The existing Power on device when connected to a power source option works separately from the new profile power off option.
This feature enables carriers and resellers to lock down devices (if, for instance, a subscriber is delinquent in payment). If locked by Knox Configure, device status updates to Locked, and most device functions are locked. When a device locks, contact information (company name, phone number and Email) display within the lockscreen, and are editable by the admin. When unlocked by Knox Configure, device status updates to Configured. Devices can be unlocked in two ways:
This feature enables the deployment of tablets and test devices using Bluetooth enrollment. For Bluetooth enrollments, customers use the Knox Deployment App to select a KC profile. The customer then goes to configure.samsung.com on the target device to enroll it. Bluetooth enrolled devices display with a BT tag within the KC portal and are treated similarly to NFC devices. A Bluetooth enrolled device displays within the DEVICES > All Devices tab.
The Knox Configure portal's activity log now displays when IT admins log in and out of Knox Configure.
A new version of Knox Configure is now available that is specifically designed for Samsung Gear Sport wearable devices. KC for wearable devices utilizes the Setup and Dynamic editions available with traditional Knox Configure, as well as numerous KC features unique to wearable devices and watch face applications.
KC for wearable devices should be attractive to B2B customers who would like to adopt smart solutions to enhance performance, beyond the existing Knox Tizen SDK for Gear devices.
To date, customers have requested re-sizable and customizable widgets on their device home screen. With the October 11th 2017 release, widgets can be customized, enabling IT admins to upload a widget to the KC server and select the uploaded widget. Once added, a widget can be custom sized on the home screen. This process uses a KC portal simulator to optimally represent the actual user experience.
To better understand the needs of Samsung’s KC users, a Feedback page is now included within the portal allowing users to convey direct feedback, by subject and description, to a dedicated KC email distribution.
The user can optionally contact Samsung Knox Support directly from the Feedback page if their feedback issue requires Support escalation. Lastly, the user can optionally have Samsung contact them directly for further dialogue regarding their feedback.