Eugene Raynor

Knox Mobile Enrollment: Samsung’s answer to the art of streamlined enrollments

Eugene Raynor

Feb 5, 2021

11 min read

With the rising popularity of mobile endpoints and its benefit of providing the ability to work remotely from any location on earth, corporate data is now available at your fingertips. But with such mobile endpoints, it is easier for people with malicious intent to expose your enterprise data and resources. There now exists a need to set up a wall of privacy and security for these devices, without jeopardizing your workforce’s productivity. How is this possible? Enter the Samsung Knox Mobile Enrollment Program.

What is Samsung Knox?

Knox is Samsung’s mobile defense solution. It acts as an additional layer of security molded into your Samsung device, to protect your corporate resources and maintain privacy between your personal and corporate data. It provides a safe and secure environment to store and manage enterprise data. This layer of security, called the Knox layer, is built into every device’s chipset during its manufacturing stage. With it, the devices can connect to the Knox cloud solutions, where businesses can configure, manage and deploy these devices to meet their specific needs.

What are the key benefits of the Samsung Knox program?

The Samsung Knox platform offers powerful security and control strategies for all Knox devices. It enables IT admins to manage endpoints, from configuration to device deployment, efficiently. Knox offers a wide variety of advanced security features including Hardware-backed security, app isolation, and data protection, along with a vast suite of management services like Knox Configure and, the hot topic of our blog, Knox Mobile Enrollment.
The Samsung Knox Feature Summary provides a quick reference to all the state-of-the-art features available for Knox devices.

What is Knox Mobile Enrollment?

Now, on to the subject of conversation, Knox Mobile Enrollment (KME) is a zero-touch enrollment service offered by Samsung that utilizes the cloud to streamline the deployment of Knox devices. It offers a quick and automated method for your enterprise to enroll devices in bulk, with minimal activity from the user end.
These devices are registered through either an authorized reseller, who bulk uploads devices on behalf of the requesting enterprise or, through IT admins who configure profiles to deploy to a group of devices. Once a device is registered and connected to a network, the apps and profiles are added, and the device automatically gets enrolled in the portal. This eliminates the errors which may occur with manual enrollment and makes the process streamlined and easy.

Deployment of Knox devices via Cloud
Deployment of Knox devices via Cloud
 

What are the prerequisites to be fulfilled to employ Knox Mobile Enrollment?

To utilize the Knox Mobile Enrollment program, there are specific conditions that must first be satisfied. The list of requirements include:

KME support in your country

The first step before you enroll and manage your Knox device is to make sure Knox Mobile Enrollment is supported in your country. For a detailed list of all KME supported countries, visit KME country availability.

A Samsung account

Your enterprise must have a registered Samsung account. You can create an account by going to the Samsung account creation page, fill in the required details, and activate it using a link sent to your enterprise’s registered email ID or phone number.

To create a Samsung account

  • Read and accept the terms and conditions laid out by Samsung.
  • Fill out your Name and Date of birth, along with your enterprise’s registered email ID or phone number.
  • Create a password for your account and click on ‘Next’.
  • A confirmation link or SMS will be sent to your registered email ID or phone number.
  • Click on the link to verify and activate your Samsung account

Samsung Account creation page
Samsung Account creation webpage
 

 

A Knox Portal account

Next, you need a Knox portal account. For this, you need to go to the Knox Mobile Enrollment page and enter the required information, after which they will send a confirmation mail to your account. After completing the registration, you can launch the console to create your first enrollment profile to add your registered resellers.

To create a Knox Portal account

    • In the Knox Portal, click on ‘Apply Now’.
    • Enter the work email ID that was used to register your Samsung account.
    • Read and accept the terms and conditions
    • Enter your basic information, user support, and verification details. Click on ‘Apply’ when done.
    • A confirmation mail will be sent. Click on it to activate your Knox Portal

Knox Portal Account creation page
Knox Portal Account creation page
    •  

 

Device support

As of now, around 260 Knox devices support Samsung Knox Mobile Enrollment. Currently, KME can enroll Knox devices via Android Device Admin enrollment as well as Android Enterprise enrollment, for both Profile Owner and Device Owner modes. It is also possible to enroll Samsung Knox devices to the KME portal using the Knox Deployment App (KDA).

Samsung Knox devices running Knox version 2.4 or higher support Android Device Admin enrollment using KME.

Samsung Knox devices above 2.7.1 purchased from a reseller participating in the Knox Deployment Program (KDA), will support Knox Mobile Enrollment (KME) using the Knox Deployment app.

Samsung Knox devices running Knox version 2.8 or higher can support Android Enterprise Device Owner enrollment using KME.

Samsung Knox devices running Knox version 2.8 or higher, along with an Android 10+ Operating System, will be able to support Android Enterprise Profile Owner enrollment using KME.

For a detailed list of devices supporting KME, visit devices secured by Knox.

An MDM provider that supports the Knox Mobile Enrollment program

A distinguished list of Mobile Device Management service providers, including Hexnode MDM, supports the utilization of the Knox Enrollment Program for Samsung Knox devices.

Schedule a free demo on Hexnode MDM with one of our Product Experts, and learn how Hexnode with KME can ease up the deployment of Knox devices to your enterprise.

Schedule a FREE Demo to see how Hexnode works with KME

The necessary firewall exemptions

This step includes adding the right firewall exemptions necessary to connect to the Knox Mobile Enrollment server securely. For more information, go to firewall exceptions.

A KME supported browser

The Knox Mobile Enrollment program supports Internet Explorer, Mozilla Firefox and Google Chrome web browsers. However, for on-premise MDMs, Internet Explorer is not recommended.

How do you enroll and configure Knox devices to your KME portal

There are three essential steps for completing the Knox enrollment process.

Knox Mobile Enrollment - Steps for device Enrollment and Configuration
Knox Mobile Enrollment – Steps for device Enrollment and Configuration
 

Configure MDM profile

You can configure your Mobile Device Management profile as either a ‘Device Admin’ or as an ‘Android Enterprise Profile/Device Owner‘ profile.

On configuring a Device Admin profile, you need to enter a profile name along with the downloadable links of one or more MDM agent APKs. If more than one APK is added, one must be chosen as the primary APK which manages the Knox profile.

For configuring an Android Enterprise MDM profile, your MDM vendor must be enrolled in the Android Enterprise program. This enables you to add the downloadable links for the Hexnode for Work app. Some of the additional options provided for Android Enterprise enrollment are –  enabling or disabling all system apps, adding company name, and enabling dual DAR to secure KME data with two layers of encryption.

Enroll devices to the portal

Samsung approved Resellers

Authorized Samsung resellers can automatically upload purchased devices using their IMEI, MEID, or serial number. The resellers must be registered in the Knox portal by providing their reseller ID. They can also bulk enroll devices by uploading a CSV file filled with the required device details.

Knox Deployment App (KDA)

This application helps streamline the enrollment of Knox devices. It enables an IT admin to upload the device directly, without the assistance of a reseller. This app is installed on a designated primary device, which can be used to assign existing profiles along with Wi-Fi configurations, to the target devices. The following deployment options are available for KDA.

Bluetooth
NFC
Wi-Fi Direct

Assign profile and configure devices

Once the devices have been enrolled, you can configure and manage these devices by assigning or modifying their MDM profiles, providing them with user credentials, and adding tags that allow organizations to search for their device. To configure devices in bulk, you can edit the CSV file with the required changes and upload it.

For more information on configuring devices to the KME portal, refer to our detailed help guide on Samsung KME. Also, you can view the official Knox documentation on enrolling and configuring Knox devices to KME.


Hexnode with Knox Mobile Enrollment: Benefits

Hexnode facilitates integration with the KME portal to provide a quick and automated way to enroll and manage Samsung Knox devices in your organization. KME is the preferred management tool for Knox devices and is used by enterprises that favor enrolling devices in bulk.

Configure and enroll devices in bulk

Manually tracking and configuring thousands of devices can be a time-consuming process. With Knox Mobile Enrollment, this becomes a simple process. Using KME with Hexnode, it is possible to configure profiles and enroll up to 10,000 devices to your portal at a time, by uploading a CSV file containing the device’s IMEI, MEID, or serial number. Furthermore, additional user information can also be pushed during device enrollment, providing better access to device applications.

Streamlined installation and setup

Enrolling devices via an MDM solution usually requires work from the user-end, including navigating the website and downloading the software. There are chances of mistakes due to human error, which can frustrate the IT admins and result in a wastage of time. KME with Hexnode provides streamlined enrollment of devices, with no input required from the user end. As soon as the device is powered on and connected to a network, it gets directly enrolled in the configured portal. The required software, security settings, and configurations are installed via the MDM agent.

Automatic re-enrollment on factory reset

In most managed android devices, it is possible for a user to remove remote management by factory resetting the device. With KME and Hexnode, once a Knox device is enrolled, even if it is factory reset by the end-user, the device gets re-enrolled on reset with the pre-applied policies and configurations.

Factory resetting a Samsung Knox mobile device
Factory resetting a Samsung Knox mobile
 

Facilitates recovery of FRP locked devices

With Hexnode and KME, it is possible to recover a device that has been locked by Google’s Factory Reset Protection settings. This can be done by enabling the ‘skip setup wizard’ and disabling the ‘allow user to cancel enrollment’ options during profile configuration.

Supports multiple MDM configurations per account

The Knox Mobile Enrollment service supports multiple MDM platforms and enrollment configurations at the same time. This provides your enterprise with flexibility while configuring devices.

Supports Android Enterprise enrollment

Hexnode provides support for Android Enterprise enrollment using KME, for Knox devices running versions 2.8 and above. Currently, Hexnode does not support Profile owner enrollment for Knox devices.

Enables skipping setup steps

Utilizing Hexnode with KME provides you with the option to skip setup steps during profile configuration. This further enables you to streamline the enrollment process.

Experience these features firsthand! Try out Hexnode with Samsung Knox

Knox Mobile Enrollment: Benefits to the industry

Knox Mobile Enrollment is being utilized in various industries ranging from education, finance, and public safety to government offices and the retail sector. Notable organizations, including UK railway operator Abellio and government organizations from Ukraine and Latin America, use KME to provide simplified device management and enhanced security to its users and employees.

Knox mobile devices in the office
Knox mobile devices in the office
 

Utilizing Hexnode’s Mobile Device Management solution along with the Samsung Knox Mobile Enrollment program can provide your business with a multitude of device management strategies, suitable for almost any business model. Try out Hexnode free for 14 days and make the most out of Samsung Knox Moblie Enrollment.

Share
Eugene Raynor

Seeking what's there lurking over the horizon.

Share your thoughts