Supporting Samsung Knox DualDAR Skip Navigation

Supporting
Samsung Knox
DualDAR

Devices that support
Samsung Knox
DualDAR encryption can have work data secured using two layers of encryption. The outer layer of
Knox
DualDAR is built on
Android
file-based encryption and enhanced by
Samsung
to meet MDFPP requirements. In the activation profile, you can specify whether to use the default built-in encryption app or an internal encryption app that you want to use for the inner layer of encryption in the work profile.
If you choose to use the default app, the work profile is secured using a FIPS 140-2 certified cryptographic module that is included in the
Samsung Knox
framework. The internal encryption app is a purpose-built cryptographic module that is developed by your organization or a third party and is expected to be FIPS 140-2 certified. When the user is not using the device, all data in the work profile is locked and can’t be accessed by apps running in the background.
Requirement
Description
Supported devices
Samsung
flagship models are supported.
Encryption app
If you have an encryption app that you want to use for
Knox
DualDAR encryption, you must add it as an internal app in the management console. You select this encryption app when you create an activation profile for devices that support
Knox
DualDAR. You can also choose to use the default encryption app instead.
Activation profile
If you enable
Knox
DualDAR encryption in the activation profile, you should only assign the profile to devices that support it. If your organization supports a mixture of devices that may or may not support
Knox
DualDAR, you should assign the activation profile to a device group. If you enable
Knox
DualDAR activation for an unsupported device, the activation will not complete successfully.
To support
Knox
DualDAR encryption, create an activation profile with the following settings for Android devices:
  • Select the Work and personal - full control (Android Enterprise fully managed device with work profile) activation type
  • Select the "When activating Android Enterprise devices, enable premium UEM functionality such as BlackBerry Secure Connect Plus" option.
  • Select the "Enable Samsung Knox DualDAR Workspace" option.
  • To use the default encryption app, select the "Default built-in encryption app" option. To use another encryption app, select the "Select an internal app for encryption" option and choose the encryption app that you want from the app list.
BlackBerry UEM Client
The latest version of the
BlackBerry UEM Client
for
Android
is recommended.