Samsung KNOX EMM portfolio

Samsung has expanded its KNOX portfolio and, in doing so, completed its own MDM portfolio. Aside from KNOX on mobile hardware, administrators now have several services to choose from: Configure, Enroll, Manage and Maintain.

Samsung has developed over 3,000 APIs within KNOX solutions. Other EMM vendors cannot access all of them, but that is changing with Samsung's new products: according to the manufacturer, mixed operation of the in-house MDM system with those of other manufacturers is possible. For further information, take a look at the Supported MDM vendors list.


Licenses are required for the following items. Please get prices or offers from Samsung or your EMM partners.

Samsung Enterprise Edition devices, currently the S8 (+) and Note8, include licenses among other advantages (shown in detail below).

KNOX Workspace

Samsung offers its own container, similar to Android Enterprise. However, Samsung has developed its own APIs (3,000+) and the hardware components mentioned below to harden its solution. As a result, professional data / services are strictly separated from personal data / services.

Similar to Android by BlackBerry, KNOX offers several security layers on mobile devices. A root of trust is implemented in the hardware and continues in the software: Device Root Key, Secure Boot, Trusted Boot, TrustZone, SE for Android, integrity monitoring and the warranty bit. Thus, a safe platform is guaranteed from the start of the device. As of KNOX 2.9, users are also alerted to the activities of special apps when these try to access sensitive permissions in the background.

KNOX Mobile Enrollment (KME) – Enroll

Note: Only devices from certified resellers can be used for enrollment.

For KNOX Mass Enrollment, the devices can be loaded into the dashboard, similar to Apple DEP, and enrolled from there. Should a device be lost or stolen, resetting it to factory settings will not cancel this connection. So you can be sure that the devices and your data are safe.
The KME Dashboard will also record any existing MDM system. When the device is set up again, the appropriate MDM client is automatically downloaded, installed, opened, and populated with the user data without a Google account.

KNOX Configure – Configure

With this service, administrators can bulk-deploy and provision (stage) devices from KME. It works on Samsung devices with KNOX 2.7.1 and later.


  • Automated deployment:
    Identification via IMEI, settings are retained even after factory reset, direct start after the wizard
  • Skip to the End-User Setup Wizard
  • Change the default settings
  • Remove bloatware
  • Adapt to a corporate design / corporate identity
  • Customizable power on / off screen, wallpapers, app shortcuts, app installs and autostart, bookmarks
  • Kiosk mode
  • Deactivation of the hardware keys
  • Advanced device configuration such as connection settings, dynamic updates, restrictable device features, device sharing and white / blacklisting

A special feature here is that there are two different editions: Setup Edition and Dynamic Edition. The Setup variant allows only a one-time pre-configuration and rebranding, while the Dynamic variant is not limited to a one-time configuration. In addition, the Dynamic variant includes practical features such as the shortened Setup Wizard, Kiosk mode, or advanced hardware component settings (such as the camera).

This solution can also be combined with MDM solutions from other vendors, as mentioned above. Policies are resolved restrictively, i.e. if a function is enabled in one system and not in the other, the setting that prohibits the function will be pushed. Samsung advises that the systems are configured identically.
KNOX Configure allows much deeper changes / adjustments. The MDM is responsible for user (group) specific settings and compliance checks and actions.

KNOX Manage – Manage

KNOX Manage is a new, cloud-based MDM service from Samsung that supports Android, iOS, Windows 10 and Tizen Wearable. For European customers the cloud is located in Ireland, and the connection to the internal infrastructure is realized using a cloud connector.
Because no personal data is processed when using this system, this should not pose a problem with the EU General Data Protection Regulation.


  • Management of the container
  • Firmware management
  • Administration of the interfaces
  • Certificate distribution
  • App management
  • (event-based) IT-policies

There is also a remote support solution: via PC software, an admin can access a device remotely after code verification, which works like TeamViewer. Pretty cool solution for First / Second Level Support or Helpdesk.

E-FOTA – Maintain

E-FOTA (Enterprise Firmware over the air) makes it possible to control OS updates specifically. For example, before an update becomes available to all users, admins can test it with a test group and then distribute it in a targeted manner. You can also configure a user interaction. This service can also be used with different MDM systems as soon as they have implemented the function via an update.

Samsung Enterprise Edition

  • 3 years KNOX Configure Dynamic Edition licence
  • 3 years E-FOTA
  • 3 years manufacturer warranty
  • 3 years monthly security updates
  • 2 years guaranteed market availability
