Supporting Samsung Knox DualDAR
Devices that support
Samsung KnoxDualDAR encryption can have
Knox Workspacedata secured using two layers of encryption. The outer layer of
KnoxDualDAR is built on
Androidfile-based encryption and enhanced by
Samsungto meet MDFPP requirements. In the activation profile, you can specify whether to use the default built-in encryption app or an internal encryption app that you want to use for the inner layer of encryption in the work space. If you choose to use the default app, the work space is secured using a FIPS 140-2 certified cryptographic module that is included in the
Samsung Knoxframework. The internal encryption app is a purpose-built cryptographic module that is developed by your organization or a third party and is expected to be FIPS 140-2 certified. When the user is not using the device, all data in the
Knox Workspaceis locked and can’t be accessed by apps running in the background.
Samsung Galaxy S10,
Samsung Galaxy Note10, and future
If you have an encryption app that you want to use for
KnoxDualDAR encryption, you must add it as an internal app in the
BlackBerry UEMmanagement console. You select this encryption app when you create an activation profile for devices that support
KnoxDualDAR. You can also choose to use the default encryption app instead.
KnoxDualDAR encryption, create an activation profile with the following settings for Android devices:
If you enable
KnoxDualDAR encryption in the activation profile, you should assign the profile to devices that support it only. If your organization supports a mix of devices that may or may not support
KnoxDualDAR, you should assign the activation profile to a device group. If you enable
KnoxDualDAR activation for an unsupported device, the activation will not complete successfully.
BlackBerry UEM Client
A version of
BlackBerry UEM Clientfor
Androidlater than 22.214.171.124980 is required.