Supporting Samsung Knox DualDAR
Samsung Knox
DualDARDevices that support
Samsung Knox
DualDAR encryption can have work data secured using two layers of encryption. The outer layer of Knox
DualDAR is built on Android
file-based encryption and enhanced by Samsung
to meet MDFPP requirements. In the activation profile, you can specify whether to use the default built-in encryption app or an internal encryption app that you want to use for the inner layer of encryption in the work profile. If you choose to use the default app, the work profile is secured using a FIPS 140-2 certified cryptographic module that is included in the
Samsung Knox
framework. The internal encryption app is a purpose-built cryptographic module that is developed by your organization or a third party and is expected to be FIPS 140-2 certified. When the user is not using the device, all data in the work profile is locked and can’t be accessed by apps running in the background.Requirement | Description |
---|---|
Supported devices | Samsung flagship models are supported. |
Encryption app | If you have an encryption app that you want to use for Knox DualDAR encryption, you must add it as an internal app in the management console. You select this encryption app when you create an activation profile for devices that support Knox DualDAR. You can also choose to use the default encryption app instead. |
Activation profile | If you enable Knox DualDAR encryption in the activation profile, you should only assign the profile to devices that support it. If your organization supports a mixture of devices that may or may not support Knox DualDAR, you should assign the activation profile to a device group. If you enable Knox DualDAR activation for an unsupported device, the activation will not complete successfully.To support Knox DualDAR encryption, create an activation profile with the following settings for Android devices:
|
BlackBerry UEM Client | The latest version of the BlackBerry UEM Client for Android is recommended. |