A Guide to the Samsung Knox Offerings

Knox Configure

Knox Configure is a tool for remotely provisioning and configuring a fleet of Samsung mobile devices. Knox Configure is typically used at the deployment phase to create a gold master image that is pushed out to phones or tablets when they’re first powered on, anywhere in the world. It can also be used to create single-purpose devices, such as kiosks or point-of-sale (POS) terminals, by locking down other functionalities on the device, and has local functionality that lets you push configurations to devices that don’t have an internet connection through Bluetooth or NFC. Knox Configure can be used as a one-time tool (“setup”) to push specific configuration to a device when it’s first installed, or in “dynamic” mode, which allows IT managers to change configuration profiles in the Knox Configure portal and have the changes pushed over-the-air by clients.

Knox Configure is ideal where Samsung devices are dedicated to one application, especially if the devices are reloaded frequently. For example, if you’re considering using Samsung tablets as mobile point-of-sale, information kiosks or handouts for your next board meeting, Knox Configure fits the bill. It accelerates the installation and configuration process, quickly loading devices, putting them into Kiosk mode (if you want) and getting them up and running. If a device needs to be reconfigured and reinstalled, no big deal. Knox Configure makes that simple.

In a single-application environment, you may not need to use an MDM tool. Knox Configure can handle many of the usual tasks: changing settings, resetting devices and letting you know which ones are in your inventory. Knox Configure profiles also have variations, such as ProKiosk mode, which allows you to easily control devices running a single application — much more efficiently than most full-featured MDM tools.

Knox Configure is a cloud-hosted SaaS service operated by Samsung.

Knox Mobile Enrollment

A free tool, Knox Mobile Enrollment provides a quick, simple and secure way to automatically enroll many devices to your MDM/EMM. Its two major benefits are eliminating the time spent manually enrolling devices, and ensuring devices are managed from the moment the user powers one up.

Knox Mobile Enrollment is a cloud-hosted SaaS service operated by Samsung.

Knox Manage

Samsung’s cloud-based MDM/EMM solution targeted towards SMB, Knox Manage, can be used to manage Android, iOS or Window 10 devices, though of course, it’s most effective on Samsung Galaxy devices with the integrated Knox platform. Knox Manage provides administrators with hundreds of policies, including all the essentials such as whitelisting and blacklisting apps and websites. It also allows remote device control, event-based management, device location tracking and remote wipe capabilities.

Knox Manage is a cloud-hosted SaaS service operated by Samsung.

Knox Enterprise Firmware-Over-The-Air (E-FOTA)

E-FOTA controls when an OS or firmware update gets rolled out to your mobile devices.  Samsung E-FOTA supports three options: Selective Update, Forced Update and Time Control updates of mobile device firmware. 

With selective updates, administrators can select which firmware versions they want your enterprise devices to use. For example, you may wish to choose to push out an “interim” firmware update that is one version back from the most recent if they are not yet ready for the latest OS. You can also test internal enterprise apps against the new firmware update before offering it. Testing ensures business users can continue working on their work tasks using their mobile devices without interruption from a bad update. A selective update is helpful when there are different device models and builds across your enterprise. You can also plan updates by user group; for example, it can push an update to the field team but not executive management.

Forced updates are an option when your security team identifies an incoming threat, like a vulnerability, that could be used to attack your mobile devices. A forced update can be executed at any time to push the latest firmware updates to your organization’s mobile devices over the air. The key here is that end users don’t have to take any action, ensuring a complete rollout to protect all devices against an emerging threat.

Time control functions let administrators set update times, allowing business users to keep working on their enterprise tasks on their mobile devices without interruption. For example, administrators can schedule device updates to take place during a window of time that least affects employee productivity.

Knox E-FOTA is available as a cloud-hosted SaaS service operated by Samsung, an on-premise installation or a plugin to supported MDM/EMMs.

Knox Platform for Enterprise (KPE)

Provides access to advanced security features which can be used by another product (e.g. MDM). It provides best-in-class hardware-based security, policy management, and compliance capabilities beyond the standard features commonplace in the mobile device market. For a summary of features, see https://docs.samsungknox.com/admin/whitepaper/kpe/feature-summary.htm.

Knox Platform for Enterprise requires integration with a supported MDM/EMM. You must ensure your devices have access to Samsung Knox servers. When you activate Knox services, your devices will verify their license keys and exchange data with the Knox servers. Devices periodically check their licenses a few times a week.

Knox Suite

A single bundled license for cloud-hosted Knox Manage, Knox E-FOTA and Knox Platform for Enterprise.


  • https://insights.samsung.com/

Older Post