
Samsung Knox: A quest for the most secure Android

Ethan Calaway

Sep 18, 2019


Back in 2012, Apple was synonymous with device and data security and Android was considered insecure, so Samsung decided to change things and introduced SAFE (Samsung for Enterprise) to secure business data and promote the use of Samsung Android phones in the enterprise. SAFE later developed into a much more secure platform called Samsung Knox, which supports tablets and wearables along with phones. This marked the beginning of an era of secure Android phones that were on par with Apple in terms of data security.

Samsung Knox Overview:

Samsung Knox is a special security solution built into the hardware and software of most Samsung devices. It offers defense-grade security with multiple encryption, boot security, kernel protection and much more.

This helps prevent leaks of sensitive company information. About 200+ Samsung devices support Knox, including smartphones, tablets, and wearables. Here is a complete list of Samsung devices built on Knox.

Knox Workspace

Knox ensures that the devices used by employees have isolated business and personal profiles. A special container called the Knox container is made available for users to store work apps and data. The Knox container later became Knox Workspace.

The special feature of Knox Workspace is a one-tap switch between personal and work profiles. A simple tap on the Samsung Knox icon on a compatible Samsung Android device automatically switches between the personal and business profiles and allows the user to navigate seamlessly between the encrypted content without restarting the device.

Knox Workspace can be activated on Samsung Knox devices enrolled in Android Enterprise either as a work profile or as a fully managed device with a work profile (Kiosk mode). This is easily done by activating a Knox license.

Knox Mobile Enrollment (KME)

Samsung Knox Mobile Enrollment (KME) via the Samsung Knox portal is by far the fastest and most efficient way to enroll Knox-supported devices in the enterprise for corporate use.

With out-of-the-box enrollment, a newly purchased device can be enrolled directly in the enterprise: all the user must do is power on the device, and it can be used for work.

For big companies with thousands of devices, it is difficult to enroll them all one by one. Knox makes things easier by providing the option to upload device info and enroll them all at once with a single click. This is a hands-free enrollment method that requires zero effort from the user.

KME also supports multiple MDM configurations per account. A single Samsung account can host different MDM profiles and provide them to different users.

Knox in Android Enterprise

Knox was launched as a more secure platform for Android Enterprise. But over the years, as Android Enterprise grew, it started to incorporate many features that were unique to Samsung Knox devices. This became a challenge for users.

Organizations found it difficult to differentiate between the features of Knox and Android Enterprise. Switching from one platform to the other was a painful process of deleting and replacing all data. Organizations also liked both platforms; Knox offered a lot of unique security features that Android Enterprise was lacking.

Samsung was not a stranger to these issues, so they decided to collaborate with Google to find a solution. By the release of Android Oreo, they came up with a solution called Knox Platform for Enterprise (KPE).

To solve the existing issues, KPE was introduced as an extension of Android Enterprise so that the users could get the best of both worlds. Samsung retained its unique features while older Knox features became a part of Android Enterprise.

Here is a brief on the unique features of KPE.

  • Enhanced hardware-backed integrity.
  • Knox verified boot.
  • Sensitive Data Protection with data encryption while the device is on.
  • Real-time kernel protection.
  • Enhanced VPN controls.
  • Enhanced certificate management.

Check out the detailed features of KPE here.

Similar features like Android Zero Touch and Knox Mobile Enrollment (KME) became more simplified. Earlier, Samsung devices could only be enrolled out of the box using KME, whereas Android devices used Zero Touch. The collaboration brought forth a solution: a common library with a single integration.

Moreover, existing Android Enterprise users with Samsung Knox devices running on Knox 3.0+ could easily integrate Knox policies with their existing EMM providers, given they have purchased a Knox license.

OEMconfig and KSP

OEMconfig is an Android standard that makes app configuration a breeze. An OEM-provided app is built in such a way that it can configure all the custom OEM-specific features on the device, instead of having an EMM build support for each of them.

That is, there is no longer any need to upload separate XML files to provide managed app configurations to OEM apps. Upload the configuration to the OEMconfig app and it will handle app configurations as required. This makes things a lot easier for EMM developers, as they can offer day-one support without much hassle.

KPE (Knox Platform for Enterprise) was a pretty neat approach. However, it was a bit costly and required a premium to access the special features of Knox. By offering support for OEMconfig, Samsung decided to make things easier for EMM developers and introduced the Knox Service Plugin (KSP).

KSP is Samsung’s OEM app for EMM providers to provide Knox Platform for Enterprise (KPE) features to their users from the first day it becomes available. This ensures that IT admins can use the latest Knox features from the day it launches. It eliminates the need for EMMs to provide day-one support. Check out KSP for the detailed list of features.

Samsung Knox integration with MDM

Samsung Knox, in association with a Mobile Device Management solution, can improve the security and isolation of business data. Knox helps streamline bulk enrollment and provides out-of-the-box enrollment with the help of the KME portal. This makes the user experience hassle-free. Knox integration also provides a wide range of extra features and improved support in application management, kiosk management, web filtering, security management, and remote view and control.

Here is a detailed video tutorial on Samsung Knox integration with MDM solution.


Knox integration also helps to maximize productivity and offers flexibility beyond the native capabilities of smartphones. In addition, Knox services are supported across 85 countries. This makes Samsung Knox integrated devices ideal for enterprise deployment.

Ethan Calaway

Product Evangelist @ Hexnode. Too lazy to write anythi...
