Samsung Knox Mobile – Enrolling Devices

Contents

This article will cover how organisations can enrol devices onto NHSmail Intune using Samsung Knox.

1. Prerequisites

The technical pre-requisites are required before a Samsung Knox Mobile Device can be enrolled with Intune:

A Microsoft Intune environment up-and-running with at least one Corporate-owned enrolment profile enabled such as dedicated devices or fully managed user devices.
Samsung devices with Knox version 2.8 or higher.
A Samsung Knox account.

Please note:

If an organisation wishes to use Samsung Knox for device management, they will need a Samsung Knox Enterprise account and LAs will need a Samsung Knox tenant configured.

2. Samsung Knox Mobile Enrolment

The following steps below detail how to complete enrolment using Samsung Knox:

1. Navigate to the following URL: https://central.samsungknox.com/

2. On the Solutions page, click Knox Mobile Enrolment.

3. Select I have read and agree to the Samsung Knox Mobile Enrolment Terms and Conditions (if you do) and click Accept.

4. In most cases your request will have the status PENDING for a short time. In some cases, this status may show for a few hours. Once activated, you can click Launch.

3. Create an MDM profile

Once you have activated the Samsung Knox Mobile Enrolment, you can create an MDM profile. Below are step by step instructions on how to create an MDM profile.

1. If this is the first time you have logged in you will see the message below. Click Get Started.

2. Open the MDM Profiles page and click Create Profile.

3. Next, select Android Enterprise.

4. Please follow the instructions below to complete this step:

Give this MDM Profile a Profile Name and a Description (optional).
Select Let MDM choose to enrol as a Device Owner or Profile Owner (changed since Android 11)
Select Microsoft Intune as your MDM solution.
Fill in the following MDM Agent APK: https://aka.ms/intune_kme_deviceowner

5. Leave everything else as default and click Continue.

6. Open a new browser tab and navigate to the Microsoft Endpoint Manager admin center.

7. Open your corporate-owned device enrolment profile and copy the Token (see screenshot below).

8.Now, go back to the Samsung Knox admin portal.

9. Fill in the following Custom JSON Data: {“com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN”: “your Intune MDM Profile token code”}

10. Replace [your Intune MDM Profile token code] with the Token copied in previous step.

11. Fill in your Company Name and leave everything else default.

12. Click Create.

4. Samsung Knox Connection to Intune

The Knox platform for enterprise solution comes in a two-tiered offering:

1. Knox platform for Enterprise: Standard Edition

Standard Edition offers free additional policies you can use to provide enhanced security, manageability, and usability over your Samsung device fleet. The standard edition is free.

2. Knox platform for Enterprise: Premium Edition

Knox Platform Enterprise (KPE) offers Secure Container for encrypting and decrypting data and protects corporate data on a device with government-certified data encryption technology. There is a charge to the premium edition.

Please note:

Device and Software requirements: • Samsung Knox Enterprise runs on Android version (8) Oreo and above.

5. Configuring Knox Service Plugin

This section will provide instructions on how to configure the Knox Service plugin.

Please note:

This step is optional. Applications are managed in the Google Play Store which automatically deploys applications. In the Managed Google Play Store, applications are central, once an application has been approved by an LA, the application is approved for all organisations on the Intune tenant and is accessible to all LAs.

1. Within the Endpoint Manager console, navigate to Apps > Android Apps > Add.