1. Home
  2. Device management
  3. Deploy & Migrate
  4. Samsung Knox Mobile – Enrolling Devices

Samsung Knox Mobile – Enrolling Devices

This article will cover how organisations can enrol devices onto NHSmail Intune using Samsung Knox.

1. Prerequisites 

The technical pre-requisites are required before a Samsung Knox Mobile Device can be enrolled with Intune:

  • A Microsoft Intune environment up-and-running with at least one Corporate-owned enrolment profile enabled such as dedicated devices or fully managed user devices.
  • Samsung devices with Knox version 2.8 or higher.
  • A Samsung Knox account.
Please note:

If an organisation wishes to use Samsung Knox for device management, they will need a Samsung Knox Enterprise account and LAs will need a Samsung Knox tenant configured. 

2. Samsung Knox Mobile Enrolment 

The following steps below detail how to complete enrolment using Samsung Knox:

1. Navigate to the following URL: https://central.samsungknox.com/

2. On the Solutions page, click Knox Mobile Enrolment.


3. Select I have read and agree to the Samsung Knox Mobile Enrolment Terms and Conditions (if you do) and click Accept.



4. In most cases your request will have the status PENDING for a short time. In some cases, this status may show for a few hours. Once activated, you can click Launch.



3. Create an MDM profile 

Once you have activated the Samsung Knox Mobile Enrolment, you can create an MDM profile. Below are step by step instructions on how to create an MDM profile.

1. If this is the first time you have logged in you will see the message below. Click Get Started.



2. Open the MDM Profiles page and click Create Profile.




3. Next, select Android Enterprise.




4. Please follow the instructions below to complete this step:




  • Give this MDM Profile a Profile Name and a Description (optional).
  • Select Let MDM choose to enrol as a Device Owner or Profile Owner (changed since Android 11)
  • Select Microsoft Intune as your MDM solution.
  • Fill in the following MDM Agent APK: https://aka.ms/intune_kme_deviceowner

5. Leave everything else as default and click Continue.

6. Open a new browser tab and navigate to the Microsoft Endpoint Manager admin center.

7. Open your corporate-owned device enrolment profile and copy the Token (see screenshot below).

8.Now, go back to the Samsung Knox admin portal.

9. Fill in the following Custom JSON Data: {“com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN”: “your Intune MDM Profile token code”}

10. Replace [your Intune MDM Profile token code] with the Token copied in previous step.

11. Fill in your Company Name and leave everything else default.

12. Click Create.

4. Samsung Knox Connection to Intune  

The Knox platform for enterprise solution comes in a two-tiered offering:

1. Knox platform for Enterprise: Standard Edition

  • Standard Edition offers free additional policies you can use to provide enhanced security, manageability, and usability over your Samsung device fleet. The standard edition is free.

2. Knox platform for Enterprise: Premium Edition

  • Knox Platform Enterprise (KPE) offers Secure Container for encrypting and decrypting data and protects corporate data on a device with government-certified data encryption technology. There is a charge to the premium edition.
Please note:

Device and Software requirements: • Samsung Knox Enterprise runs on Android version (8) Oreo and above.

5. Configuring Knox Service Plugin 

This section will provide instructions on how to configure the Knox Service plugin.

Please note:

This step is optional. Applications are managed in the Google Play Store which automatically deploys applications.  In the Managed Google Play Store, applications are central, once an application has been approved by an LA, the application is approved for all organisations on the Intune tenant and is accessible to all LAs.  

1. Within the Endpoint Manager console, navigate to Apps > Android Apps > Add.

2. Set the App type to Managed Google play app and click select.


3. Search for and approve the Knox Service plugin.




4. Navigate to: Device > Android > Configuration Profiles.

5. Click Create Profile.


6. Set the platform to Android Enterprise.

7. Set the profile to OEMConfig.

8. Click Create.

9. To create a profile, complete the relevant fields: Name, Description (optional) and select an OEMConfig app.

10. Search for and select the Knox Service Plugin.

11. Click Select and then Next.

Please note:

To make use of the Knox Platform Enterprise (KPE) features, enter your KPE licence key. This can be found in your Samsung Knox portal. 

12. Enter a profile name.

13. Enter your KPE licence key.

14. Set your desired configurations and select Next.


15. On the Assignments tab, choose a group to assign the app and select Next.

16. Click Create.


Last Reviewed Date 29/02/2024
Updated on 29/02/2024

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top