Custom Profile Support for Samsung Android Features

The Workspace ONE UEM Console uses Custom profiles to allow admins to push features and other settings to Android devices that are not supported through the Workspace ONE UEM console. The functions discussed in this article include all custom settings available for Samsung Android devices.

 

Using Custom Profiles 

The Custom Settings payload allows admins to enter their own XML into a profile and apply the profile to devices. Follow the steps below using the custom XML code found in this article.

  1. Configure the General profile and deployment options as desired.
  2. Navigate to the Custom Settings profile and select Configure.
  3. Add the associated XML below to theCustom Settings text box.
    1. This XML should contain the complete block of code as listed below, from <characteristic> to </characteristic>.
    2. Administrators should configure each setting from <true /> to <false /> as desired.
    3. If certificates are required, then configure a Certificate payload within the profile and reference the PayloadUUID in the Custom Settings payload.
  4. Select Save & Publish.

To use these custom profiles with Android enterprise Work Managed devices, please reference Configuring Samsung Settings in Android Enterprise.

 

Install Apps Outside of Knox Container 

Admins can choose where to deploy internal apps when using Knox Containers. By default, the app will install inside the container. The custom XML below allows admins to choose to install the app inside the container, outside, or in both locations. Modify the parts bolded text to the intended package ID and install location.

<characteristic type="com.airwatch.android.container.appexceptionlist" uuid="c7241dd6-07a5-4623-b6ed-d711661078d1">

  <parm name="packageId_flag" value="com.android.appid_0" />

</characteristic>

 

_0 = Install on device side

_1 = Install inside container

_2 = Install on both sides

 

Allow Change Data Sync Policy

Use the below XML for more granular control of the Data Sync Policy for Knox Containers:

<characteristic type="com.airwatch.android.container.restrictions" uuid="c0057ca5-da85-4cf8-b4c8-f6deabda50a3">

    <parm name="allowChangeDataSyncPolicy" value="True" />

    <parm name="exportDataOutOfContainer" value="False" />

    <parm name="syncContacts" value="True" />

    <parm name="syncNotifications" value="True" />

    <parm name="syncCalendar" value="False" />

</characteristic>

 

Agent 7.0 Enhancements 

Application Restrictions inside and outside the Knox Container

  • Restrict clear app data
  • Restrict clear app cache
  • Restrict force stop of app

 

<characteristic type="com.airwatch.android.restrictions" uuid="58606e25-1634-4615-8d4e-14d477099600">

   <parm name="allowClearDataForApps" value="False" />

   <parm name="ClearDataBlacklist" value="com.android.app1,com.android.app2" />

   <parm name="allowClearCacheForApps" value="False" />

   <parm name="ClearCacheBlacklist" value="com.android.app1,com.android.app2" />

   <parm name="allowForceStopForApps" value="False" />

   <parm name="ForceStopBlacklist" value="com.android.app1,com.android.app2" />

 </characteristic>

 

<characteristic type="com.airwatch.android.container.restrictions" uuid="58606e25-1634-4615-8d4e-14d477099600">

   <parm name="allowClearDataForApps" value="False" />

   <parm name="ClearDataBlacklist" value="com.android.app1,com.android.app2" />

   <parm name="allowClearCacheForApps" value="False" />

   <parm name="ClearCacheBlacklist" value="com.android.app1,com.android.app2" />

   <parm name="allowForceStopForApps" value="False" />

   <parm name="ForceStopBlacklist" value="com.android.app1,com.android.app2" />

 </characteristic>

 

Agent 7.1 Enhancements

Proxy PAC file support for Cisco AnyConnect VPN (Knox Container)

The entire VPN payload XML must be copied into a custom settings payload with the bolded section included for Proxy PAC configuration.

<characteristic type="com.airwatch.android.container.vpn" uuid="ae53afb2-42d9-4ba9-ab73-abe5d5f2a7d7">

   <parm name="ConnectionName" value="VPN" />

   <parm name="ServerName" value="vpn.url.com" />

   <parm name="ClientType" value="CISCO_ANYCONNECT" />

   <parm name="IsUserAuthRequired" value="True" />

   <parm name="Username" value="user" />

   <parm name="Advanced" value="False" />

   <parm name="VPNAssignment" value="1" />

   <parm name="VpnType" value="1" />

   <parm name="proxy" value="2" />

   <parm name="proxyPACURL" value="http://proxypacurl.pac" />

 </characteristic>

 

Whitelist apps to write to SD card from within the Knox container

<characteristic type="com.airwatch.android.container.restrictions" uuid="58606e25-1634-4615-8d4e-14d477099600">

   <parm name="SDCardWhitelist" value="packagename1,packagename2,packagename3" />

   <parm name="EnableExternalStorage" value="true" />

</characteristic>

 

Agent 7.2 Enhancements

Configure Pulse Secure VPN in the Knox container without user interaction

The entire VPN payload XML must be copied into a custom settings payload with the below section included for silent VPN configuration:

<parm name=" configureSilently" value="True" />

 

Agent 7.3 Enhancements

App Configurations inside Knox Container

Pre-defined configurations depend on the specific application. Modify the bolded sections to suit your app: 

<characteristic type="com.airwatch.android.container.app:com.sec.android.service.singlesignon" uuid="8aac143a-03b6-4bb7-a94d-079f5a8b6cf3">

<parm name="LIBDEFAULTS_DEFAULT_REALM" value="sisoidp.in" type="String" />

</characteristic>

 

Agent 8.1 Enhancements

Allow Iris Scanner, Allow Face Unlock - Device Passcode

<characteristic type="com.airwatch.android.container.passwordpolicy"

uuid="8e7e6641-d5e2-47a8-842a-31e3780e9547">

    <parm name="enableIrisScannerAuthentication" value="False" />

</characteristic>

 

Allow Iris Scanner - Knox Container Passcode

<characteristic type="com.airwatch.android.container.passwordpolicy"

uuid="8e7e6641-d5e2-47a8-842a-31e3780e9547">

    <parm name="enableIrisScannerAuthentication" value="False" />

</characteristic>

 

Allow Lockscreen Shortcuts

<characteristic type="com.airwatch.android.restrictions" uuid="80edc0ae-abed-4efa-89e5-fdc1834f4dbf">

    <parm name="allowLockScreenShortcut" value="False" />

</characteristic>

 

Agent 8.2 Enhancements 

Allow fingerprint authentication inside the Knox Container:

<characteristic type="com.airwatch.android.container.passwordpolicy" uuid="8e7e6641-d5e2-47a8-842a-31e3780e9547">

    <parm name="enableFingerprintAuthentication" value="False" />

</characteristic>

 

Agent 8.3 Enhancements

Samsung DeX Features

{Android Legacy characteristic}

​<characteristic type="com.airwatch.android.samsungdex" uuid="568bc89d-1df8-4ce9-a041-e5a24ac23123">

{Android Enterprise characteristic}

<characteristic type="com.airwatch.android.androidwork.samsung.dex" uuid="568bc89d-1df8-4ce9-a041-e5a24ac23123">

​   <parm name="dexCustomizationLicenseKey" value="KLM03-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" />

​   <parm name="dexAddPackageToDisableList" value="com.waze, me.scan.android.client, com.airwatch.androidagent, com.facebook.katana, com.sec.android.app.camera" />

​   <parm name="dexRemovePackageFromDisableList" value="com.airwatch.intenttester" />

​   <parm name="dexLoadingLogoPath" value="/sdcard/mickey.jpg" />

​    <parm name="dexShortcut" value="2,6,com.airwatch.androidagent" />

​   <parm name="dexShortcut" value="2,7,com.android.chrome" />

​   <parm name="dexAllowScreenTimeoutChange" value="false" />

​   <parm name="dexSetScreenTimeout" value="120" />

​   <parm name="dexEnforceEthernetOnly" value="true" />

​</characteristic>

 

Universal Credential Management (UCM)

​<characteristic type="com.airwatch.android.container.smartcard" uuid="385b3764-4c96-4f94-ab05-afcd589f5e53">

​   <parm name="enableBrowserAuth" value="False" />

​   <parm name="enableEmailAuth" value="False" />

​   <parm name="UcmLicense" value="KLM03-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" />

​   <parm name="UcmWhiteListedApps" value="com.samsung.android.email.provider" />

​   <parm name="Vendor" value="Idemia" />

​   <parm name="VendorPackage" value="com.idemia.ucmagentservice" />

​</characteristic>

 

Allow NFC in Knox Container

​<characteristic type="com.airwatch.android.container.restrictions" uuid="ecfec0c0-8656-4af6-b41b-3b9bdf6f268f">
    <parm name="allowNFC" value="True" />
</characteristic>

 

Knox Per App VPN Blacklist

​Add the below to existing VPN profile (may have to copy full VPN payload into a separate custom settings profile):​

<parm name="VPNBlacklistApplications" value="app1,app2,app3" />

 

Other Languages: 日本語

Have more questions? Submit a request

0 Comments

Article is closed for comments.