This article will cover how organisations can enrol devices onto NHSmail Intune using Samsung Knox.
1. Prerequisites
The following technical prerequisites must be met before a Samsung Knox mobile device can be enrolled with Intune:
- A Microsoft Intune environment up-and-running with at least one Corporate-owned enrolment profile enabled such as dedicated devices or fully managed user devices.
- Samsung devices with Knox version 2.8 or higher.
- A Samsung Knox account.
2. Samsung Knox Mobile Enrolment
The steps below detail how to complete enrolment using Samsung Knox:
1. Navigate to the following URL: https://central.samsungknox.com/
2. On the Solutions page, click Knox Mobile Enrolment.
3. Select I have read and agree to the Samsung Knox Mobile Enrolment Terms and Conditions (if you do) and click Accept.
4. In most cases your request will have the status PENDING for a short time. In some cases, this status may show for a few hours. Once activated, you can click Launch.
3. Create an MDM profile
Once you have activated Samsung Knox Mobile Enrolment, you can create an MDM profile. Below are step-by-step instructions on how to create one.
1. If this is the first time you have logged in you will see the message below. Click Get Started.
2. Open the MDM Profiles page and click Create Profile.
3. Next, select Android Enterprise.
4. Please follow the instructions below to complete this step:
- Give this MDM Profile a Profile Name and a Description (optional).
- Select Let MDM choose to enrol as a Device Owner or Profile Owner (changed since Android 11)
- Select Microsoft Intune as your MDM solution.
- Fill in the following MDM Agent APK: https://aka.ms/intune_kme_deviceowner
5. Leave everything else as default and click Continue.
6. Open a new browser tab and navigate to the Microsoft Endpoint Manager admin center.
7. Open your corporate-owned device enrolment profile and copy the Token (see screenshot below).
8. Now, go back to the Samsung Knox admin portal.
9. Fill in the following Custom JSON Data, typed with straight double quotes: {"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "your Intune MDM Profile token code"}
10. Replace "your Intune MDM Profile token code" with the Token copied in step 7.
11. Fill in your Company Name and leave everything else default.
12. Click Create.
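The Custom JSON Data field is where a profile most often goes wrong: quotes pasted from a formatted page arrive as typographic quotes, or the placeholder is left in place. The following pre-flight check is an added example, not part of the NHSmail, Samsung or Microsoft tooling; the function name `check_custom_json` and the sample token values are constructed for illustration.

```python
import json

# Key name taken from the Custom JSON Data step above.
TOKEN_KEY = "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN"
# Typographic quotes that word processors and web pages substitute for ".
SMART_QUOTES = "\u201c\u201d\u201e\u201f\u2033"
# Placeholder wording from the step above; it must be replaced with the real token.
PLACEHOLDER = "your intune mdm profile token code"


def check_custom_json(text):
    """Return a list of problems found in a KME Custom JSON Data string."""
    problems = []
    if any(ch in text for ch in SMART_QUOTES):
        # Parsing would only fail on the same characters, so stop here.
        return ["contains typographic quotes; retype them as straight quotes"]
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # exc.msg describes the syntax error without echoing the token.
        return [f"not valid JSON: {exc.msg} at character {exc.pos}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]
    for key in data:
        if key != TOKEN_KEY and key.strip().lower() == TOKEN_KEY.lower():
            problems.append(f"key differs in case or spacing: {key!r}")
    token = data.get(TOKEN_KEY)
    if token is None:
        problems.append("enrolment token key is missing")
    elif not isinstance(token, str) or not token.strip():
        problems.append("token must be a non-empty string")
    elif PLACEHOLDER in token.lower().strip("[] "):
        problems.append("placeholder text was not replaced with the token")
    elif token != token.strip():
        problems.append("token has leading or trailing whitespace")
    return problems


if __name__ == "__main__":
    # Constructed samples; the token values are made up, not real Intune tokens.
    samples = {
        "pasted from a formatted page": "{\u201c" + TOKEN_KEY + "\u201d: \u201cABCDEFGH\u201d}",
        "placeholder left in": json.dumps({TOKEN_KEY: "[your Intune MDM Profile token code]"}),
        "correct": json.dumps({TOKEN_KEY: "ABCDEFGHIJKLMNOPQRST"}),
    }
    for label, text in samples.items():
        print(label, "->", check_custom_json(text) or "OK")
```

The check reports problems without printing the token itself, so its output can be shared in a support ticket without disclosing the enrolment token.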
4. Samsung Knox Connection to Intune
The Knox Platform for Enterprise solution comes in a two-tiered offering:
1. Knox Platform for Enterprise: Standard Edition
- Standard Edition offers free additional policies you can use to provide enhanced security, manageability, and usability over your Samsung device fleet. The Standard Edition is free.
2. Knox Platform for Enterprise: Premium Edition
- Knox Platform for Enterprise (KPE) Premium Edition offers Secure Container for encrypting and decrypting data and protects corporate data on a device with government-certified data encryption technology. There is a charge for the Premium Edition.
5. Configuring Knox Service Plugin
This section will provide instructions on how to configure the Knox Service plugin.
1. Within the Endpoint Manager console, navigate to Apps > Android Apps > Add.
2. Set the App type to Managed Google Play app and click Select.
3. Search for and approve the Knox Service plugin.
4. Navigate to: Device > Android > Configuration Profiles.
5. Click Create Profile.
6. Set the platform to Android Enterprise.
7. Set the profile to OEMConfig.
8. Click Create.
9. To create a profile, complete the relevant fields: Name, Description (optional) and select an OEMConfig app.
10. Search for and select the Knox Service Plugin.
11. Click Select and then Next.
13. Enter your KPE licence key.
14. Set your desired configurations and select Next.
15. On the Assignments tab, choose a group to assign the app and select Next.
16. Click Create.
Last Reviewed Date: 29/02/2024