Android devices enrolled in Device Admin (DA) mode are subject to various Mobile Device Management restrictions, mainly revolving around Android’s security framework. Also, there has been an End-of-Support(Announcing-End-of-Support-for-Device-Admin-Enrollment) for Device Admin enrollment, which limits the usage of certain SDK methods.
Having said that, from Android 15 onwards, devices must run as the Android Enterprise Device Owner (DO) a fully-managed device, or the Profile Owner (PO) a work profile with SureMDM Agent, to access certain Knox SDK features. SureMDM Agent running purely in Device Administrator (DA) mode, without running as the DO or PO, does not meet these requirements and will lose access to the below listed Knox SDK methods. CLICK HERE to know the list of Restricted Knox SDK methods.
Purpose:
The purpose of this knowledge article is to know the features that are deprecated for Samsung OS 15 devices enrolled in the Device Admin mode.
Prerequisites:
Samsung OS 15, Enrollment method – Device admin.
List of Features:
1.Silent installation and updating of applications
Allows us to install or update mobile applications remotely without any manual intervention.
To know different ways of installing or updating an app remotely CLICK HERE
2. Silent uninstallation of applications.
While uninstalling the application via runscript job or application settings job it doesn’t require a manual intervention to uninstall an app..
To know different ways of installing or updating an app remotely CLICK HERE.
3.Enabling and disabling of applications.
Enabling and disabling of applications on the managed devices can be done through the console.
To enable application :-
Login to SureMDM Web Console > Select the device > click Apps from the Quick Action Toolbar -> Select the application -> Enable the visibility.We can also use script to enable the apps:
!#suremdm
enable(pkg_name)To disable application :-
Login to SureMDM Web Console > Select the device > click Apps from the Quick Action Toolbar -> Select the application -> Disable visibility.We can also use script to enable the apps:
!#suremdm
disable(pkg_name)
4.”BlockUninstall” run script.
Blocks the specified applications uninstallation from the device enrolled in Device Owner.
!#suremdm
blockUninstall(pkg1,pk2,..,pkgN)
5.”Restart app on relaunch” feature in SureLock.
When the device reboots or SureLock relaunches, the specified app restarts on the device allowed in the SureLock.
SureLock admin settings -> Allowed applications -> Visible Apps -> Modify added application -> Restart app on relaunch.
6.Wiping of Recent Tasks on the Home screen.
When the Wipe Recent Tasks option is selected, the user’s most recent apps/tasks running are automatically cleared when SureLock launches.
SureLock admin settings -> Samsung KNOX settings -> Wipe recent apps -> Enable
7.”Kill unallowed application” feature in SureLock.
When an unallowed app is opened on an Android device that is locked down with SureLock, SureLock blocks the application but leaves it running in the background.
By choosing the Kill Unallowed Application option, all background unallowed applications will be blocked.
SureLock admin settings -> SureLock settings -> Enable Kill unallowed application
8.Launching activities from the background without “Draw over other apps” permission (Application lock)
This permission can be tricky due to Android’s security model, which is designed to prevent apps from overlapping other apps without user consent. For example Use Notifications, Foreground Services, Activity Launch Intent, User-Initiated Actions, and Accessibility Services.
!#suremdm
allowSpecialPermissions(true,packagename,24)Display over other apps= 24
9.”addPackagesToDisableUpdateWhiteList” run script.
If we want to whitelist a particular application’s update by putting restrictions for other apps then we need to use the below run script.
!#suremdm
addPackagesToDisableUpdateWhiteList(PackageNames)
10.”addPackagesToDisableUpdateBlackList” run script.
To restrict the upgrade of desired applications we need to use the below run script.
!#suremdm
addPackagesToDisableUpdateBlackList(PackageNames)
11.”setAdminRemovable” run script.
This script helps in removing the administrator permissions of the specific app.
!#suremdm
setAdminRemovable(true,pkg_name)
12.Full remote support.
Remote support in SureMDM allows administrators to troubleshoot issues, provide assistance, and perform remote tasks on enrolled devices.
Steps to access remote support on Android devices:Login to SureMDM Web Console > Select the Android device > Right-click and select Remote or click Remote from the Quick Action Toolbar.
If you have any questions or need help with our products, please don’t hesitate to contact our support team.