Supporting Samsung Knox DualDAR
Samsung Knox
DualDARDevices that support
Samsung Knox
DualDAR encryption can have work data secured using two layers of encryption. The outer layer of Knox
DualDAR is built on Android
file-based encryption and enhanced by Samsung
to meet MDFPP requirements. In the activation profile, you can specify whether to use the default built-in encryption app or an internal encryption app that you want to use for the inner layer of encryption in the work profile. If you choose to use the default app, the work profile is secured using a FIPS 140-2 certified cryptographic module that is included in the Samsung Knox
framework. The internal encryption app is a purpose-built cryptographic module that is developed by your organization or a third party and is expected to be FIPS 140-2 certified. When the user is not using the device, all data in the work profile is locked and can’t be accessed by apps running in the background.Requirement | Description |
---|---|
Supported devices | Samsung Galaxy S 10, Samsung Galaxy Note 10, and future Samsung flagship models |
Encryption app | If you have an encryption app that you want to use for Knox DualDAR encryption, you must add it as an internal app in the BlackBerry UEM management console. You select this encryption app when you create an activation profile for devices that support Knox DualDAR. You can also choose to use the default encryption app instead. |
Activation profile | To support Knox DualDAR encryption, create an activation profile with the following settings for Android devices:
If you enable Knox DualDAR encryption in the activation profile, you should assign the profile to devices that support it only. If your organization supports a mix of devices that may or may not support Knox DualDAR, you should assign the activation profile to a device group. If you enable Knox DualDAR activation for an unsupported device, the activation will not complete successfully. |
BlackBerry UEM Client | A version of BlackBerry UEM Client for Android later than 12.35.2.155980 is required. |