Manage Samsung Knox devices with MDM

Samsung Knox is an advanced security layer built into the Samsung hardware to provide defense-grade security to corporate data by segregating personal and corporate data on devices. In addiiton to enhanced corporate data security, Samsung Knox also provides admins the capability to simplify the management and deployment of devices. It's multi-level security options allows enterprises to address the security concerns in the open source Android platform. Click here for the list of devices which support Samsung Knox.

As a measure to enhance data security, Samsung Knox creates a container to segregate corporate and personal data on devices. To access the container, the user must enter a Samsung Knox container specific password in addition to the device passcode. This creates an additional layer of security around the corporate data. It also provides automated onboarding and provisioning options that ensure the Knox security capabilities are available right out-of-the-box.

This Samsung Knox Management guide covers the following:

Why Samsung Knox management?

Mobile devices, though simplify corporate data access, also pose unique challenges to organizations, such as greater risk of loss and theft, complex mobile malware etc. Samsung Knox provides organizations that have adopted mobility, the perfect solution to secure corporate data on mobile devices. Here are a few benefits offered by Samsung Knox:

  • Hardware-based security: Samsung Knox devices are designed to ensure all round data security, including hardware and OS level security. The device integrity is verified immediately upon device boot up and is regularly checked for malware. If a malware is detected, Samsung Knox immediately restricts the access to business-critical data.
  • Data Segregation: With organizations moving towards the bring your own device (BYOD) trend, employees now access corporate data on personal devices. Therefore organizations must containerize corporate and personal data for effective management of sensitive business data on corporate devices. Samsung Knox provides an in-built container on devices to ensure corporate data cannot be accessed by unauthorised personal apps or malicious apps

Due to the enterprise-grade security features offered by Samsung Knox, these devices are being increasingly adopted in organizations. To ensure seamless Samsung Knox management, IT admins are deploying Samsung Knox manager or Samsung Knox MDM, to onboard devices and distribute all the required corporate configurations, apps and documents.

How to manage Samsung Knox devices using a Samsung Knox Manager?

Many mobile device management solutions, act as Samsung Knox manager (Samsung Knox MDM) and allow organizations to manage Knox devices and put these capabilities to the best of use. One example of a Samsung Knox manager is Mobile Device Manager Plus (MDM) which allows organizations to manage Samsung Knox devices and provides extensive support to Knox security capabilities.

From a business perspective, the recommended best practice is to leverage a mobile device management solution to simplify Samsung Knox management and provide enhanced security capabilities. These capabilities can be categorized into two parts.

Here's how MDM manages Samsung Knox devices and complements the Knox security capabilities:

How to enroll for Knox Management using Knox Mobile Enrollment?

Knox Mobile Enrollment is an out-of-the-box enrollment method which ensures compatible devices get enrolled with MDM on first boot-up, right after unboxing the devices. The complete enrollment process is automated and requires no user intervention - similar to Google's Zero Touch Enrollment for Android devices. 

For organizations performing large scale enterprise device roll outs, manually enrolling device after device is a cumbersome task. Knox Mobile Enrollment lets you enroll devices in bulk and also skip initial setup steps, ensuring users can begin using the device without having to configure the initial setup steps.

Another benefit for the devices enrolled using Knox Mobile Enrollment is mandatory management. In case users try to hard reset their devices, management will still be retained in them. This holds good even for misplaced or stolen devices; ensuring unauthorized personnel cannot use them. MDM also provides other proactive and reactive methods to secure misplaced or stolen devices

For the complete step-by-step procedure and prerequisites to perform Knox Mobile Enrollment using MDM, refer to our help document.

Knox Container using Mobile Device Manager Plus

Knox Management in Mobile Device Manager Plus (MDM) provides precise control of corporate data accessed by employees along with flexible mobile device management operations, without compromising on data security. By deploying Samsung Knox compatible devices using MDM, IT Administrators can

  • Activate Knox containers in employees' personal devices automatically.
  • Configure policies to secure corporate data inside the container.
  • Secure the container with robust protection.
  • Deploy required applications in the container.

With MDM, all these operations can be performed from a unified console. However, the only prerequisite to create a Knox container is to purchase Knox Workspace Licenses by creating a Knox Portal Account. Learn more here.

Knox containers ensure sensitive business data and user's personal data are demarcated, enabling the IT admin to have complete control over the work profile while having zero control over the user's personal profile. Here's how a Knox container is depicted on a device. 

Samsung Knox container with MDM

With regards to supported policies for the Knox container, MDM lets you define parameters to secure the container using a passcode; configure E-mailExchange ActiveSync accountsimpose restrictions to disable device level features and functionalities.

For organizations using custom enterprise apps for their specific needs, MDM lets you add and distribute them into devices equipped with Knox containers. Availability of custom apps for employees regardless of using personal devices enhances productivity, with zero compromise towards security.


Benefits of Samsung Knox MDM

Using a Samsung Knox MDM for management offers various advantages. Some of the benefits of a Samsung Knox MDM are:

  • Quick and easy deployment: By integrating with Knox Mobile Enrollment, MDM solutions can ensure zero-touch deployment of Samsung Knox devices managed by the organization.
  • Robust management of device: By creating Groups based on roles, hierarchy, or departments in organizations, IT admins can ensure all the required configurations and apps are available on the devices, immediately upon activation.
  • Additional support for configuration policies: MDM solutions support an extensive list of configuration profiles for Samsung Knox devices that complement the advanced security features on Samsung Knox devices. These configurations can be enforced on devices with no user intervention.
  • Comprehensive control over devices: With additional features such as Geo-tracking and Remote Control, organizations can simplify device maintenence with Samsung Knox MDM solutions.