Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.18
  3. Administration
  4. Managing Android devices
  5. Activating Android devices
  6. Creating activation profiles
  7. Supporting Samsung Knox DualDAR

Supporting 
Samsung Knox
 DualDAR

Devices that support 
Samsung Knox
 DualDAR encryption can have work data secured using two layers of encryption. The outer layer of 
Knox
 DualDAR is built on 
Android
 file-based encryption and enhanced by 
Samsung
 to meet MDFPP requirements. In the activation profile, you can specify whether to use the default built-in encryption app or an internal encryption app that you want to use for the inner layer of encryption in the work profile. If you choose to use the default app, the work profile is secured using a FIPS 140-2 certified cryptographic module that is included in the 
Samsung Knox
 framework. The internal encryption app is a purpose-built cryptographic module that is developed by your organization or a third party and is expected to be FIPS 140-2 certified. When the user is not using the device, all data in the work profile is locked and can’t be accessed by apps running in the background.
Requirement
Description
Supported devices
Samsung Galaxy S
10, 
Samsung Galaxy Note
 10, and future 
Samsung
 flagship models
Encryption app
If you have an encryption app that you want to use for 
Knox
 DualDAR encryption, you must add it as an internal app in the 
BlackBerry UEM
 management console. You select this encryption app when you create an activation profile for devices that support 
Knox
 DualDAR. You can also choose to use the default encryption app instead.
Activation profile
To support 
Knox
 DualDAR encryption, create an activation profile with the following settings for Android devices: 
  • Select the Work and personal - full control (Android Enterprise fully managed device with work profile) activation type 
  • Select the 
    When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus
     option. 
  • Select the 
    Enable Samsung Knox DualDAR Workspace
     option. 
  • To use the default encryption app, select the 
    Default built-in encryption app
     option. To use another encryption app, select the 
    Select an internal app for encryption
     option and choose the encryption app that you want from the app list.
If you enable 
Knox
 DualDAR encryption in the activation profile, you should assign the profile to devices that support it only. If your organization supports a mix of devices that may or may not support 
Knox
 DualDAR, you should assign the activation profile to a device group. If you enable 
Knox
DualDAR activation for an unsupported device, the activation will not complete successfully. 
BlackBerry UEM Client
A version of 
BlackBerry UEM Client
 for 
Android
 later than 12.35.2.155980 is required.