Samsung Knox: A quest for the most secure Android
An Overview of Samsung Knox and its features
Feb 5, 2021
With the rising popularity of mobile endpoints and their ability to let people work remotely from any location on earth, corporate data is now available at your fingertips. But with such mobile endpoints, it is easier for people with malicious intent to expose your enterprise data and resources. There now exists a need to set up a wall of privacy and security for these devices, without jeopardizing your workforce’s productivity. How is this possible? Enter the Samsung Knox Mobile Enrollment Program.
Knox is Samsung’s mobile defense solution. It acts as an additional layer of security molded into your Samsung device, to protect your corporate resources and maintain privacy between your personal and corporate data. It provides a safe and secure environment to store and manage enterprise data. This layer of security, called the Knox layer, is built into every device’s chipset during its manufacturing stage. With it, the devices can connect to the Knox cloud solutions, where businesses can configure, manage and deploy these devices to meet their specific needs.
The Samsung Knox platform offers powerful security and control strategies for all Knox devices. It enables IT admins to manage endpoints efficiently, from configuration to device deployment. Knox offers a wide variety of advanced security features, including hardware-backed security, app isolation, and data protection, along with a vast suite of management services like Knox Configure and, the hot topic of our blog, Knox Mobile Enrollment.
The Samsung Knox Feature Summary provides a quick reference to all the state-of-the-art features available for Knox devices.
Now, on to the subject at hand: Knox Mobile Enrollment (KME) is a zero-touch enrollment service offered by Samsung that utilizes the cloud to streamline the deployment of Knox devices. It offers a quick and automated method for your enterprise to enroll devices in bulk, with minimal activity from the user end.
These devices are registered either through an authorized reseller, who bulk uploads devices on behalf of the requesting enterprise, or through IT admins, who configure profiles to deploy to a group of devices. Once a device is registered and connected to a network, the apps and profiles are added, and the device automatically gets enrolled in the portal. This eliminates the errors which may occur with manual enrollment and makes the process streamlined and easy.
To utilize the Knox Mobile Enrollment program, there are specific conditions that must first be satisfied. The list of requirements includes:
The first step before you enroll and manage your Knox device is to make sure Knox Mobile Enrollment is supported in your country. For a detailed list of all KME supported countries, visit KME country availability.
Your enterprise must have a registered Samsung account. You can create an account by going to the Samsung account creation page, filling in the required details, and activating it using a link sent to your enterprise’s registered email ID or phone number.
Next, you need a Knox portal account. For this, you need to go to the Knox Mobile Enrollment page and enter the required information, after which a confirmation mail will be sent to your account. After completing the registration, you can launch the console to create your first enrollment profile to add your registered resellers.
As of now, around 260 Knox devices support Samsung Knox Mobile Enrollment. Currently, KME can enroll Knox devices via Android Device Admin enrollment as well as Android Enterprise enrollment, for both Profile Owner and Device Owner modes. It is also possible to enroll Samsung Knox devices to the KME portal using the Knox Deployment App (KDA).
Samsung Knox devices running Knox version 2.4 or higher support Android Device Admin enrollment using KME.
Samsung Knox devices above 2.7.1 purchased from a reseller participating in the Knox Deployment Program (KDA) will support Knox Mobile Enrollment (KME) using the Knox Deployment App.
Samsung Knox devices running Knox version 2.8 or higher can support Android Enterprise Device Owner enrollment using KME.
Samsung Knox devices running Knox version 2.8 or higher, along with an Android 10+ Operating System, will be able to support Android Enterprise Profile Owner enrollment using KME.
For a detailed list of devices supporting KME, visit devices secured by Knox.
This step includes adding the right firewall exemptions necessary to connect to the Knox Mobile Enrollment server securely. For more information, go to firewall exceptions.
The Knox Mobile Enrollment program supports Internet Explorer, Mozilla Firefox and Google Chrome web browsers. However, for on-premise MDMs, Internet Explorer is not recommended.
There are three essential steps for completing the Knox enrollment process.
You can configure your Mobile Device Management profile as either a ‘Device Admin’ or as an ‘Android Enterprise Profile/Device Owner’ profile.
On configuring a Device Admin profile, you need to enter a profile name along with the downloadable links of one or more MDM agent APKs. If more than one APK is added, one must be chosen as the primary APK which manages the Knox profile.
For configuring an Android Enterprise MDM profile, your MDM vendor must be enrolled in the Android Enterprise program. This enables you to add the downloadable links for the Hexnode for Work app. Some of the additional options provided for Android Enterprise enrollment are – enabling or disabling all system apps, adding company name, and enabling dual DAR to secure KME data with two layers of encryption.
Authorized Samsung resellers can automatically upload purchased devices using their IMEI, MEID, or serial number. The resellers must be registered in the Knox portal by providing their reseller ID. They can also bulk enroll devices by uploading a CSV file filled with the required device details.
This application helps streamline the enrollment of Knox devices. It enables an IT admin to upload the device directly, without the assistance of a reseller. This app is installed on a designated primary device, which can be used to assign existing profiles along with Wi-Fi configurations, to the target devices. The following deployment options are available for KDA.
Once the devices have been enrolled, you can configure and manage these devices by assigning or modifying their MDM profiles, providing them with user credentials, and adding tags that allow organizations to search for their device. To configure devices in bulk, you can edit the CSV file with the required changes and upload it.
For more information on configuring devices to the KME portal, refer to our detailed help guide on Samsung KME. Also, you can view the official Knox documentation on enrolling and configuring Knox devices to KME.
Hexnode facilitates integration with the KME portal to provide a quick and automated way to enroll and manage Samsung Knox devices in your organization. KME is the preferred management tool for Knox devices and is used by enterprises that favor enrolling devices in bulk.
Manually tracking and configuring thousands of devices can be a time-consuming process. With Knox Mobile Enrollment, this becomes a simple process. Using KME with Hexnode, it is possible to configure profiles and enroll up to 10,000 devices to your portal at a time, by uploading a CSV file containing the device’s IMEI, MEID, or serial number. Furthermore, additional user information can also be pushed during device enrollment, providing better access to device applications.
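A bulk upload is only as reliable as the identifiers in the file, so it is worth checking the CSV before it goes to the portal. The following is an added example, not Hexnode or Samsung code: it validates IMEIs with the Luhn check digit, recognises 14-hex-digit MEIDs, flags duplicates, and enforces the 10,000-device batch size mentioned above. The CSV layout (identifier in the first column), the serial-number shape, and all sample values are assumptions constructed for illustration.

```python
import csv
import io

MAX_BATCH = 10_000  # per-upload limit quoted in the article
HEX = set("0123456789ABCDEF")

def luhn_ok(digits: str) -> bool:
    """Luhn check used for the 15th (check) digit of an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(identifier: str) -> str:
    """Return 'imei', 'meid', 'serial' or 'invalid'."""
    s = identifier.strip().upper()
    if not s.isascii():
        return "invalid"
    if len(s) == 15 and s.isdigit():
        return "imei" if luhn_ok(s) else "invalid"
    if len(s) == 14 and set(s) <= HEX:
        return "meid"           # MEID: 14 hexadecimal digits
    if s.isalnum() and 8 <= len(s) <= 20:
        return "serial"         # assumed serial shape, not a Samsung spec
    return "invalid"

def validate_batch(csv_text: str):
    """Split rows into accepted (id, kind) pairs and (line, id, reason) errors."""
    accepted, errors, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row or not row[0].strip():
            continue
        ident = row[0].strip().upper()
        kind = classify(ident)
        if kind == "invalid":
            errors.append((lineno, ident, "bad identifier"))
        elif ident in seen:
            errors.append((lineno, ident, "duplicate"))
        else:
            seen.add(ident)
            accepted.append((ident, kind))
    if len(accepted) > MAX_BATCH:
        errors.append((0, "", f"batch exceeds {MAX_BATCH} devices"))
    return accepted, errors

# Constructed sample rows (identifier, user); not real devices.
SAMPLE = "490154203237518,alice\n490154203237519,bob\nA1000012345678,carol\nR58M12ABCDE,dave\n490154203237518,erin\n"

if __name__ == "__main__":
    print(validate_batch(SAMPLE))
```

Rejecting mistyped or duplicated identifiers before upload keeps devices you do not own out of the enrollment list and makes sure the ones you do own are actually covered.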
Enrolling devices via an MDM solution usually requires work from the user-end, including navigating the website and downloading the software. There are chances of mistakes due to human error, which can frustrate the IT admins and result in a wastage of time. KME with Hexnode provides streamlined enrollment of devices, with no input required from the user end. As soon as the device is powered on and connected to a network, it gets directly enrolled in the configured portal. The required software, security settings, and configurations are installed via the MDM agent.
In most managed Android devices, it is possible for a user to remove remote management by factory resetting the device. With KME and Hexnode, once a Knox device is enrolled, even if it is factory reset by the end-user, the device gets re-enrolled on reset with the pre-applied policies and configurations.
With Hexnode and KME, it is possible to recover a device that has been locked by Google’s Factory Reset Protection settings. This can be done by enabling the ‘skip setup wizard’ and disabling the ‘allow user to cancel enrollment’ options during profile configuration.
The Knox Mobile Enrollment service supports multiple MDM platforms and enrollment configurations at the same time. This provides your enterprise with flexibility while configuring devices.
Hexnode provides support for Android Enterprise enrollment using KME, for Knox devices running versions 2.8 and above. Currently, Hexnode does not support Profile Owner enrollment for Knox devices.
Utilizing Hexnode with KME provides you with the option to skip setup steps during profile configuration. This further enables you to streamline the enrollment process.
Knox Mobile Enrollment is being utilized in various industries ranging from education, finance, and public safety to government offices and the retail sector. Notable organizations, including UK railway operator Abellio and government organizations from Ukraine and Latin America, use KME to provide simplified device management and enhanced security to their users and employees.
Utilizing Hexnode’s Mobile Device Management solution along with the Samsung Knox Mobile Enrollment program can provide your business with a multitude of device management strategies, suitable for almost any business model. Try out Hexnode free for 14 days and make the most out of Samsung Knox Mobile Enrollment.