Samsung: Unification becomes Harmonization

Samsung offers its own hardware-based security solution on Android for its devices: Knox. It won´t be an independent solution for long, as Samsung and Google see many similarities in their solutions. Furthermore, there will be major changes in Android and Android Enterprise with Android 10, so Samsung had to act. What was known as Unification last year is now called Harmonization, and Samsung’s solution is now called Knox Platform for Enterprise (Premium).

Technically, the solution will remain identical: Using the new solution, Android Enterprise activation will be performed and extended with Knox 3.x APIs. Thus the business perimeter uses the hardware based security functions of the Samsung devices. Here, however, there are dependencies on the MDM system used in each case. So it is regarding how and when the EMM vendors will implement the Samsung solution. However, devices currently on the market will continue to support Knox 2.x, known as Knox Workspace.

The activations are then ascending according to security functions:

  1. Android Enterprise
    Managed Google Play and Management Policies
  2. Knox Platform for Enterprise Standard Edition
    Hardware based sercurity features and more Policies
  3. Knox Platform for Enterprise Premium Edition
    Advanced security features such as Common Criteria mode

For the Premium Edition companies have to pay. In the case of BlackBerry UEM, however, this does not pose a challenge, because from the BEMS Collaboration Edition onwards, one Knox device with all functions can be activated at no extra charge, since the licenses of BlackBerry and Samsung are compared. So on AirWatch, MobileIron etc admins have to buy licences.

The different activation modes with the names of Android Enterprise and Samsung according to Knox API level:

  • COPE (Corporate Owned Personally Enabled):
    Android Enterprise: work profile on fully managed devices (Device owner + profile owner)
    Samsung Knox 3.x: COMP (Corporate Owned Managed Profile)
    Samsung Knox 2.x: CL/B2B
  • COBO (Corporate Owned Business Only):
    Android Enterprise: Work managed device
    Samsung Knox 3.x: Device Owner
    Samsung Knox 2.x: COM
  • BYOD (Bring Your Own Device):
    Android Enterprise: Work Profile
    Samsung Knox 3.x: Profile Owner
    Samsung Knox 2.x: BYOD

Customers can still work with both Knox API levels, but in the long run there will only be the possibility of Knox 3.x, which was introduced with Android Oreo on Samsung devices. This also makes sense. After the MDM manufacturers support this, the different activations also become apparent.
The advantage of the solution is that you can use an Android Enterprise activation with all its advantages on a Samsung device and secure the business data as well as the devices with the hardware based security functions.

After activation, the devices also clearly show which business perimeter you are using: