Knox Configure Troubleshooting Guide

ProKiosk mode features

On this page

Enable ProKiosk Mode to restrict a portion of a device's functionality to just a specific set of targeted applications. ProKiosk Mode is Samsung's advanced solution for transforming Samsung off-the-shelf devices into purpose-built appliances. ProKiosk Mode can restrict device operations to a single specific application or group of applications and limits unwanted device activity.

Profile information

The following sections describe how to uniquely configure a profile for devices deployed as a stationary kiosk. - For information on updating and replacing an existing device profile, go to: Updating an existing device profile.

A ProKiosk mode device remains in its ProKiosk state even after the device's profile is unassigned. Previously, when a profile was unassigned the user needed to factory reset the device using the Knox Configure Settings menu and device keys.

The Knox Configure portal does not support these special characters (# / $ * % ^ & \ ( ) + ? { } [ ]). Ensure they are not utilized when inputting characters during Kiosk profile creation.

NOTE - If a device is running Knox version 3.2 or higher, a device reboot is not required to enter ProKiosk mode when enrolling in Knox Configure or conducting a device push update.

NOTE - ProKiosk mode is not supported when using KC with a KME Device Owner (DO) profile.

General information

Set the following general information to define the Knox version utilized with the ProKiosk profile:

Select one of the following Device level settings to ensure the profile is correctly supporting a Knox or non-Knox Samsung device:
- Secured by Knox devices - Select this option if the devices receiving this profile utilize Knox. Once selected, refer to the Knox version drop-down menu and select the version of Knox currently residing on the devices receiving this profile.
- Other Samsung devices - Select this option if deploying Samsung devices that do not utilize Knox. When this option is selected, the Knox version drop-down menu is no longer available. The remainder of the profile configuration screen flow closely resembles the screen flow of Knox enabled devices. The KDA enrollment of Other Samsung devices is not supported. ProKiosk devices do not support Other Samsung devices.
Knox version - Use the drop-down menu to correctly select the version number. Ensure this setting is accurate, as newer Knox versions have the latest feature set available. To find the version number on the device, go to Settings > About device > Software info. The Knox version does is not required if Other Samsung devices is selected as the Device level setting.

NOTE - Enterprise edition profiles can only be supported by Enterprise edition licenses.

Profile

Set the following information for a ProKiosk profile to help differentiate it from other profiles with similar configuration attributes:

Profile name — Enter a unique profile name that has not already been used by an existing profile in your organization.
Profile description — This field is an optional means of providing a more detailed profile description.

NOTE - When defining a profile name, keep in mind the name is searchable parameter within the Profile screen's Search field.

Enrollment screen

Set the following enrollment screen information displayed on the device during enrollment. Required settings have asterisk appended to them.

Company name
Address 1
Address 2
City
State
Country
Zip code

Support contact details

Provide the required Phone number and Email contract resources device users refer to for support when encountering issues with their mobile device.

Device enrollment

Configure the following settings displayed within the device enrollment screen flow. If choosing not to customize the screens, the default Knox Configure enrollment screens and logos will be used by default.

NOTE - Preview the device enrollment screen flow before it's saved and committed to the profile by reviewing the PREVIEW area on the right-hand side of the DEVICE ENROLLMENT field. Use the < > navigation arrows to scroll through each screen in the enrollment flow as needed.

Set the following Welcome screen settings:

Skip welcome screen - Select this option to bypass a welcome screen within the device enrollment screen flow. If the welcome screen is skipped by selecting this option, it still displays on devices enrolled using the Knox Deployment App (KDA).
Customize welcome screen text - Select this option to display a field for entering a 400 character maximum welcome message. The welcome message can reviewed as its being composed within the PREVIEW area on the right-hand side of the screen.
Hide support link - Select this option to remove the support link from the enrollment welcome screen.

Set the following Agreements:

Skip Knox Configure Terms & Conditions and Privacy Policy - Select this option to accept to the Terms & Agreements and Privacy Policy on behalf of the user and skip this step within the enrollment screen flow. Even if the agreement portion of the enrollment flow is skipped, any applications with Device Administrator or other special permissions must still have their separate EULA accepted before the device user can proceed with enrollment.
Add additional Terms & Conditions and/or Privacy Policy - Select this option to define an additional agreement Title and agreement message Body. The additional agreement displays within the PREVIEW area as a checkbox that also must be accepted to proceed with enrollment.

Configure the following enrollment screen flow Branding elements:

Background fill - Use the drop-down menu to define the enrollment screen flow background color. Optionally select Upload image to select artwork for the background. The background image cannot exceed 2 MB.
Logo - Select a logo for preferred branding within the enrollment screen flow. The logo image cannot exceed 1 MB, and should have a 1:1 aspect ration for optimal fit within the enrollment screen flow.

Set the enrollment screen flow Foreground alignment to either Top, Center, or Bottom. Use the PREVIEW field as needed to assess how the enrollment screen content is aligned within each subsequent screen in the flow.

Enrollment preferences

Enable or disable the following preferences to determine whether device end users can cancel enrollment and skip the setup wizard:

Skip Google, Samsung and Carrier setup screens - Select this option to prohibit the device end user from cancelling enrollment and ensure the setup wizard in invoked.
Allow end users to cancel enrollment - Select this option to display a Cancel button on the lower let-hand side of the welcome screen and provide device users an option to cancel the enrollment screen flow.
Skip Setup Wizard and enable FRP Bypass - Select this option to bypass the setup wizard and prevent the device from being locked to a private Google account due to Factory Reset Protection (FRP).

Knox deployment application settings

Use the License drop-down menu to select the license used to assign to devices uploaded using the Knox Deployment App (KDA). If a license it not assigned here, the profile will not appear as an option for use with the KDA.

Applications and Widgets

The Applications and Widgets screen displays those applications and widgets that have been uploaded to your Knox Configure account. When an app license expires, it remains within the Applications and Widgets screen, but an app displays a red badge when expired.

The screen displays separate cards for each uploaded application or app acquired from the Google Play Store.

Display only selected applications and widgets - Select this option to display only those applications and widgets that have their card selected.
Source - Use the source drop-down menu to display only applications and widgets uploaded via an APK, from the Google Play Store or both.
Search - Utilize the Search field as needed to locate specific applications by application name, package name, or description.

If a new application is needed, select the ADD APPLICATION button. Select UPLOAD APPLICATION or ADD FROM GOOGLE PLAY STORE and complete the required fields for adding the new application.

When additional application review is needed, each listed application and widget card can be selected to display information in greater detail.

Optionally add a 245 character maximum Description to help differentiate this application from others that may have similar attributes.

If device administrator applications are needed for utilization with Knox Configure, refer to the SELECT DEVICE ADMINISTRATOR APPLICATIONS button (from within the Select apps and widgets screen) to select applications that uniquely perform device administration functions. Device users must accept a EULA for the device administrator application during configuration. Additionally, these applications are downloaded during configuration and may increase the time needed to complete the device configuration.

Select configuration - ProKiosk mode

The next step in the ProKiosk mode profile creation process requires an admin to specifically select PROKIOSK MODE from the Select a configuration screen to ensure the features available for profile creation are supported and included in the subsequent console screen flow.

Choose SELECT under the PROKIOSK MODE option to proceed with kiosk mode specific profile options.

Home screen & lock screen

Home activity

An IT admin can define a specific application as a kiosk's home activity, or place the device in WebKiosk mode.

To set the home activity:

Select either of the following Home activity options:

WebKiosk mode - Select this option to populate the console with additional Home screen wallpaper and Web bookmark fields unique to this mode. Keep in mind, applications selected previously in the profile creation flow will not be downloaded to the device if WebKiosk is selected as the Home activity. A Webkiosk mode session is invalidated, closed, and reset to the Kiosk home screen after 5 minutes of detected tablet inactivity. For more information on setting the Home activity to WebKiosk mode, go to: WebKiosk mode.
Pre-installed application - Select this option to download applications during device configuration. For more information on setting the Home activity to the pre-installed application option, go to: Pre-installed application.

WebKiosk mode

Select the WebKiosk mode option from the Home activity drop-down menu. The screen populates with additional Home screen wallpaper and Web bookmarks fields unique to this mode.

Select the Home screen wallpaper to upload the background image for the WebKiosk home wallpaper. The image must be in either .JPG or .PNG formats and cannot exceed 1 MB. The recommended image resolution is 1920 x 1080 pixels or higher to properly fit the WebKiosk homescreen. Once selected the preview image populates to the preview screen.
Select any of the bookmark anchors (+) within the preview image to launch the Add web bookmark screen. Provide the following information to place a bookmark icon on the selected bookmark anchor. When finished, select Submit to place the icon on the home screen's selected bookmark anchor.

NOTE - Select ROTATE PREVIEW as required to orient the home screen and its selected icons for an optimal home screen display.

Name - Provide a name of the bookmark icon that distinguishes it from others added to the home screen.
URL - Provide an accurate URL path to the location of the home page bookmark icon. Make sure the URL path starts with http://, http:// or ftp://.
Icon - Choose Select and navigate to the location of the intended home screen icon.

Pre-installed application

Select the + Use a different pre-installed application option from the Home activity drop-down menu.
Enter a valid package name within the resulting pop-up screen. The device's home activity requires at least one application, so the selection of an application is required.
Select Submit. Once submitted, the provided application is available for selection within the Home activity drop-down menu.

Display notification messages

Define whether the following notifications are displayed on a kiosk using this profile:

ALL — Displays all the notifications listed below.
Hide low battery notifications — Hide the status bar message, LED light, and other low-battery related notifications.
Hide full battery notifications — Hide the status bar message, LED light, and other fully charged related battery notifications.
Hide Nitz set time Notification — This option hides the warning message that normally displays when the device fails to retrieve date and time information from the network. The Nitz set time notification only appears on devices that have enabled the Automatic date and time and Automatic time zone options.

Status bar

Set the following status display options for the kiosk supported profile:

Hide status bar − Show or hide the status bar when the device is in ProKiosk Mode.
Hide clock − Hide the clock display on the status bar when the device is in ProKiosk Mode.
Hide system icons − Hide the display of the notification icons on the status bar when the device is in ProKiosk Mode.
Prevent the input method from being changed - Select this option to prevent the status input method from being changed by the device user.

Exit Professional Kiosk Mode UI

When the user long presses the power button, a screen containing the option to switch off ProKiosk Mode displays. The default text is "In sealed mode."

You can customize the screen in various ways:

ProKiosk Mode option - Provide your own label for ProKiosk Mode utilized by this profile.
ProKiosk Mode off - Provide your own label for the option to turn off ProKiosk Mode for this profile.
Exit passcode - End users enter this passcode to exit ProKiosk Mode on their device. This passcode must have a minimum of 4 characters and is a required field.
Custom Professional Kiosk Mode passcode Input UI - Indicate the Package name and Class name of the UI for used for exiting the device's ProKiosk Mode.

Lock Screen

A lock screen is also available to hide separate Time, Date, Owner information, Notifications, Help Text, Battery information and Shortcut widgets. Select one or all widgets as needed to visually inspect and hide widgets from the device display.

Lock screen wallpaper

Upload a wallpaper file in PNG. The device wallpaper displays before the user correctly enters a passcode and activates the device's full functionality.

Additional Home & lock screen settings (Knox 3.4 and above devices only)

NOTE - The following Home screen settings are available to devices running Knox version 3.4 and above only.

Home screen notifications

Select the Home screen check box and select On or Off to determine whether to display notification details when a Knox 3.4 or above device user touches and holds an app on the device home screen. Once selected, use the Allow user to change setting option to either Allow Home screen device user changes, Do not allow user changes or Do not allow and hide setting from user.

Applications & content

The applications and content selected and downloaded during configuration will increase the configuration time required.

Application restrictions

Disable the usage of other applications — Enter the package names of additional applications to prevent from device utilization.

Application installation restrictions
- Nothing - No application installation restrictions are applied to devices utilizing this profile.
- Installation blacklist - Select this option to upload a CSV file of device application package names that the device user is unable to install on their device. An admin can also manually enter the package names to exclude as well. The list of package names is refreshed and updated whenever the policy is updated.
- Installation whitelist - Select this option permit and allow exclude as well. the list of package names is refreshed and updated whenever the policy is updated.
- Block applications from unknown sources - Prevent the user from installing apps from sources other than the Google Play store.

Application update restrictions
- Nothing - No application update restrictions are applied to devices utilizing this profile.
- Update blacklist - Once applications are added to the update blacklist, they cannot be updated on the device beyond its current version. Enter the application package names using either a CSV file, or by entering them manually. The blacklist is updated whenever the policy is updated.
- Update whitelist - Once applications are added to the update whitelist, they are permitted to be updated to a newer version. Enter the application package names using either a CSV file, or by entering them manually. The blacklist is updated whenever the policy is updated.

Application URL restrictions
- Applications - Enter the destination of the specific applications (com.sample.packagename). The Applications field is mandatory for Kiosk and normal mode profile support.
- URL blacklist - Provide the URL(s) of the application package names excluded from a user's device. You may wish to blacklist non-enterprise apps (social media apps) to save costs
- URL whitelist - Provide the URL(s) of the application package names allowed on a user's device. Once you set the whitelist, users can only install apps listed on the whitelist.
- Prevent applications from being uninstalled - Enter the package name of applications you want to prevent the user from uninstalling.
- Prevent applications from being stopped - Prevents applications from being stopped by the system, other applications or the device user. If selecting this option, apps that would normally be stopped for reasons such as battery savings will still remain on and remain consumptive to the device battery.

Customize applications for configuration

Add application permissions - If necessary, add application permissions that are allowed when defined within the application manifest file.

Content

Add files to the Contents folder — Upload specific content, such as video, music, or digital books to the Content folder on the device.

Sound & display

Sound

Set the following kiosk profile's sound settings for deployed devices:

Set audio level - Set the volume level of the specified stream (Media, Notifications, System, Ringtone).
Device speaker - Set the device speaker to play all available sounds. Even if the user connects their device using an audio jack, each sound is still played through the phone or tablet's speakers.
Ringtone - Set the ringtone or notification tone to a specified audio file. The ringtone option is not supported on devices running Knox 3.0 or later.

Display

Set screen auto rotation to OFF - Enable or disable the auto-rotate feature of the device. You could also specify the rotational angle (e.g. 0°, 90°, 180°, 270°).
Remove lock screen - Remove the lock screen from the device. Pressing the power or home button will turn the screen on. Any previous user-configured lock screen settings such as secure pattern or device passcode unlock methods will also be removed.
Set screen timeout (seconds) - Specify the inactivity period that must be exceeded to timeout the device screen.
Screen always on when plugged in - Enable the screen to stay on when the device is connected to a power source.

Custom booting and shutdown animation

Administrators can customize boot animation by uploading images and setting the desired image orientation, dithering and size. Once created and uploaded, an admin can preview and verify the animation before assigning it to devices. When added into the console, the animation as a .qmg file for profile assignment.

Once verified, an admin can create a profile with relevant settings and add the animation file. The admin can then push the profile to specific assigned devices and verify the devices are configured properly with the animation file. For more information on creating and implementing custom animation, go to: Custom animation creation.

Clear a custom booting and shutdown animation — Removes an existing device boot or shutdown animation from enrolled devices.
Set a custom booting animation — Provide Animation, Loop, and Sound files played when the device is powered on. The Loop file plays continuously until the device has completed its boot process.
- Animation file - the animation file plays right after the "Powered by Android" screen.
- Loop file — It plays repeatedly until device has completed boot process (after the animation file is finished).
- Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
Set a custom shutdown animation — Provide Animation and Sound files played as the device shuts down.
- Animation file — The animation file plays when the device is powering off. Only .qmg files are permitted.
- Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
Select Brightness and use the slider to set the screen brightness according its surroundings.
Set auto brightness - Allows the device to automatically adjust the screen brightness according its surrounding.

Additional Sound & display settings (Knox 3.4 and above devices only)

NOTE - The following Sound & display settings are available to devices running Knox version 3.4 and above only.

General display

Select the General display checkbox to set the following device display options for Knox 3.4 and above supported devices:

NOTE - Each General display setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Adaptive brightness setting On and Off options to determine whether brightness adjustments are collected and applied automatically under similar lighting conditions.
Refer to the Accidental touch protection settings On and Off options to protect from unintended touch updates when the mobile device is placed in a dark place such as a pocket or purse.
Use the Screen zoom slider to make displayed items appear larger or smaller as their image size requires.
Use the Screen timeout drop-down menu to set a screen display inactivity timeout of either 15 seconds, 30 seconds, 1 minute, 2 minutes, 5 minutes or 10 minutes.

Navigation bar

Select the Navigation bar checkbox to display Button order options for Knox 3.4 and above supported devices.

Use the Button order drop-down menu to define one of the following navigation bar display options:

Normal (Recents, Home, Back) - Keeps the navigation bar button order in its current default position.
Reverse (Back, Home Recents) - Reverses the navigation bar button order from its default position, so the back function displays on the left, with home in the center and recents on the right.

Once the Button order is set, refer to the Allow user to change setting option to either Allow device user navigation bar changes, Do not allow user navigation bar changes or Do not allow and hide setting from user.

Notifications

Select the Notifications checkbox to display notification app badge icon display options for Knox 3.4 and above supported devices.

NOTE - Each Notification setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Application icon badges option and select On or Off to determine whether badges are utilized for displayed application notifications.

Status bar

Select the Status bar checkbox to set the battery percentage display for Knox 3.4 and above supported devices. Selecting On displays remaining batter percentage on the status bar, while selecting Off disables the battery percentage display. The Show battery percentage setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user.

General sounds and vibrations

Select the General sounds and vibrations checkbox to display device sound and vibration options for Knox 3.4 and above supported devices. Options include:

NOTE - Each General sounds and vibrations setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Vibrate while ringing On and Off options to set whether the mobile device vibrates upon receipt of an incoming call.
Set the Vibration pattern experienced on the mobile device upon receipt of an incoming call. Options include, Basic call, Heartbeat,Ticktock, Waltz, Zig-zig-zig, Off-beat, Spinning, Siren, Telephone, and Ripple.
Set the Use volume keys for media option to either On or Off to determine whether the media volume can be controlled by default when a volume key is pressed.

System sounds and vibrations

Select the System sounds and vibrations checkbox to display device sound and vibration options for Knox 3.4 and above supported devices. Options include:

NOTE - Each System sounds and vibrations setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Touch sound On and Off options to set whether tones are emitted when touching certain screen items.
Use the Screen lock sound On and Off options to set whether tones are emitted when locking or unlocking the screen.
Navigate to the Charging sound On and Off options to set whether tones are emitted when the mobile device begins charging.
Refer to the Dialing keypad tone On and Off options to set whether tones are emitted when tapping the dialing keypad.
Use the Keyboard sound On and Off options to set whether tones are emitted when tapping the Samsung keyboard.
Navigate to the Keyboard vibration On and Off options to set whether the mobile device vibrates when tapping the Samsung keyboard.
Refer to the Touch vibration On and Off options to set whether the mobile device vibrates when tapping navigation buttons or touching and holding items on the screen.

Device connectivity

Set the following connectivity settings for the kiosk profile and its intended device deployments:

Wi-Fi

Disable WiFi - Select this option to disable Wi-Fi on the device. Once disabled, neither the user or third-party application can enable Wi-Fi.
Default Wi-Fi settings - Set the current device Wi-Fi configuration as the default or leave the Wi-Fi On or Off.
Allow devices to switch from Wifi to mobile data when necessary - Select this option to enable advanced the Wi-Fi setting.
Network (optional) - Enter the SSID name and Password for the default Wi-Fi network.
Advanced Wi-Fi settings - Enter an SSID name and select the Security setting for this network. If applicable, enter a Password. Click Add another if you want to set up multiple Wi-Fi profiles. If necessary, a device can connect to a specified network with Proxy (optional) credentials delivered by Knox Configure using a proxy to communicate externally.

Bluetooth

Disable Bluetooth - Select this setting to restrict the device user and third-party applications from invoking the device's Bluetooth feature.
Default Bluetooth settings - Select Keep current settings to set the current device Bluetooth state as the default. Use On or Off to enforce a Bluetooth state and override current device Bluetooth settings.
Disable Bluetooth discoverable mode - Select this option to disable the device's capability to search, connect and share data with other Bluetooth enabled devices.

Location

Disable Location - Select this option to completely disable location services through either Wi-Fi and mobile networks.
Default location settings - This setting turns location tracking ON, OFF or keeps the current setting on the device as the default. Select Prevent user from changing location settings to prohibit the device use from changing the administrator defined location configuration once deployed to the device user.
Disable Mock location - Selecting this option disables mock location applications within the developer options, and significantly reduces a user's ability to provide inaccurate device location information.

NFC

Disable NFC - Select this option to disable all NFC settings on the device.
Default NFC settings - Set the current NFC setting as the default, or turn NFC On or Off by default.
Prevent users from changing NFC settings - Selecting this option restricts the device user from changing NFC settings locally on their device.

Airplane mode

Disable Airplane mode - Select this option to disable a device user's ability to disable Airplane mode on their device.
Default Airplane mode settings - Either Keep current settings, or turn the airplane mode On or Off.

Additional Device connectivity settings (Knox 3.4 and above devices only)

Advanced Wi-Fi

Select the Advanced Wi-Fi checkbox to display additional NFC beaming options for Knox 3.4 and above supported devices. Options include:

NOTE - Each Advanced Wi-Fi setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Switch to mobile data On and Off options to use mobile data whenever the current Wi-Fi network is detected as slow or unstable.
Use the Allow individual apps to switch On and Off options to switch apps to mobile data when a Wi-Fi connection cannot be established.
Navigate to the Turn on Wi-Fi automatically On and Off options to enable Wi-Fi in places where Wi-Fi has been used frequently.
Refer to the Detect suspicious networks On and Off options to receive notifications when suspicious activity is detected on the Wi-Fi network.
Use the Wi-Fi power save mode On and Off options to reduce battery consumption by analyzing Wi-Fi traffic patterns.
Navigate to the Hotspot 2.0 On and Off options to connect to Hotspot 2.0 supported access points without a password requirement.

Device settings

Set the following device settings for the kiosk supported profile:

Set locale - Select the language and country for the device's regional setting.
Time zone - Set the geographic time zone for the device's intended deployment area.
Automatic Time Update - Set the device to automatically updates its time and date information from the network.
Hide settings elements - Hide the following options from the device settings:
- All
- Bluetooth
- Location
- Wi-Fi
Keyboard - Select Customize keyboard options to enable the Predictive mode and Keyboard settings options. Once enabled, the predictive mode and keyboard settings options function independent from one another, so there are no constraints on using these options together.
- Predictive mode - Turn predictive mode On or Off as needed. Predictive mode attempts to complete a word on behalf of the user based on the initial characters entered when forming a word.
- Keyboard settings - Either Enable or Disable keyboard functionality on the device(s) utilizing this profile.
Hide power dialog elements - Hide the following options from the dialogue that appears when the user long presses the power button:
- Power off - Hides the kiosk device's power off button on the power screen.
- Restart - Hides the kiosk device's restart button on the power screen.
Disable OMC mode - Prevent the device from being customized by a source other than Knox Configure (i.e. Open Market Customization).
Power and battery settings - Set the following device power on/off options:
- Power on the device when connected to a power source — Set devices to automatically power on when connected to a power source.
- Power off the device when disconnected from a power source - Select this option to automatically power off a device when disconnected from its power source.
- Extend battery life by limiting the maximum charge when connected to a power source - Select this setting to better control battery thresholds and stop the charging process once the device battery reaches a maximum of 85% of total power to avoid issues with keeping the battery on the charger too long. This setting is available to tablet devices running Knox version 3.4 and above.

NOTE - The Power on the device when connected to a power source and Power off the device when disconnected from a power source options function separately from each other with no dependence on each other.

Additional Device settings (Knox 3.4 and above devices only)

Language and input

Select the Language and input checkbox to display additional keyboard utilization settings for Knox 3.4 and above supported devices.

Refer to the Show keyboard button On and Off options to display a keyboard button on the device navigation bar for an easier toggle between mobile device keyboard resources. Once set, refer to the Allow user to change setting option to either Allow device user keyboard changes, Do not allow user changes or Do not allow and hide setting from user.

Text-to-speech

Select the Text-to-speech checkbox to display speech engine, pitch, and speech rate settings for Knox 3.4 and above supported devices.

NOTE - Each Text-to-speech setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.

Refer to the Preferred engine drop-down menu to specify whether the Samsung text-to-speech Engine or Google Text-to-speech Engine is utilized as the speech recognition engine for text-to-speech conversion.
Use the Pitch slider to set the text-to-speech pitch rate in the range of 25-400.
Use the Speech rate slider to define the text-to-speech rate conversion used by the speech recognition engine. The setting is defined in the range of 10-600.

Restrictions

Device functionality

Restrict device features

ALL - Disable all of the settings listed under Device functionality.
- Prevent end users from using the camera.
- Prevent video recording if the camera is enabled.
- Prevent end users from capturing the screen.
- Prevent end users from using the microphone.
- Prevent audio recording if the microphone is enabled.
- Prevent end users from receiving SMS
- Prevent end users from sending SMS
- Prevent end users from receiving MMS
- Prevent end users from sending MMS
- Prevent end users from using the clipboard.
- Prevent end users from accessing the Settings menu.
- Prevent end users from using the 2nd SIM slot.

Disable hardware keys

ALL - Disables all hardware key functions.
- Volume up - Turn off Volume up hardware key functionality, rendering the device incapable of increasing its volume.
- Volume down - Turn off Volume down hardware key functionality, rendering the device incapable of decreasing its volume.

Security

The following security settings enable an IT admin to restrict specific access and storage capabilities to reduce vulnerabilities. For information on disabling biometric authenticators (fingerprint scanner, iris scanner, and facial recognition) on supported device models running Knox 2.9 or higher, go to: Security settings.

ALL - Disables all of the settings listed under Security.
- Disable SD card access - Prevents the device from reading data from a SD card or writing data to a SD card.
- Disable Software Updates (Firmware updates via Wi-Fi and Mobile networks). - Prevents the device from displaying software update notifications. Even if users have enabled automatic updates, these update packages will not download to the device.
- Disable factory reset- Prevents a user from factory resetting their device. When factory reset, Wi-Fi, and mobile data is disabled in Knox Configure. Consequently, the device is no longer able to update the profile they are enrolled in, and are unable to unenroll if need be. The device requires a network connection be re-established to receive updates and changes from Knox server resources.
- Disable device power off for users. — Prevents the user from turning the device off. The device will only turn off if you disable this setting or if the battery level is critically low.

Device connectivity

Roaming

Set the following roaming features for the kiosk profile and its data protection requirements:

ALL — Disables all of the settings listed under Roaming.
- Prevent end users from using mobile data while roaming.
- Prevent end users from syncing while roaming.
- Prevent end users from receiving WAP push messages while roaming.
- Prevent end users from making voice calls while roaming.

Tethering

Set the following data tethering settings to define how the profile shares Internet connection information with other mobile devices:

ALL - Disables all of the settings listed under Tethering.
- Prevent end users from using Bluetooth tethering.
- Prevent end users from using USB tethering.
- Prevent end users from using Wi-Fi tethering.

Security settings

Refer to the Security setting screen to disable some or all of the biometric authentication settings available to supported devices. To restrict end users from using other (non biometric) device functions, go to: Restrictions.

NOTE - If enabling or disabling biometric authentication, the device's password quality will be automatically set and the device's swipe option is no longer available.

All - Select All to disable all biometric security settings.
- Disable Fingerprint scanner - Disables a device's ability to use its fingerprint scanner as a user authentication option.
- Disable Iris scanner - Disables a device's ability to use its optical iris scanner as a user authentication option.
- Disable Face recognition - Disables a device's ability to use its facial recognition capability as a user authentication option.

Password Settings - Select the Disable password visibility when typing option to prohibit the display of the password characters when entering them on the mobile device.

Additional Security settings (Knox 3.4 and above devices only)

Location

Select the Location checkbox to display additional Wi-Fi and Bluetooth scanning settings for Knox 3.4 and above supported devices. Once these options are set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.

Wi-Fi scanning - Enable this setting to let applications use Wi-Fi for more efficient location detection, even when Wi-Fi is turned off.
Bluetooth scanning - Enable this setting to let applications use Bluetooth for more efficient location detection, even when Bluetooth is turned off.

Other security settings

Select the Other security settings checkbox to display password visibility settings for Knox 3.4 and above supported devices. Select On to make password characters briefly visible as they are typed and hides them shortly thereafter. Selecting Off disables the feature. Once set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.

APN Management

The Access Point Name (APN) is the name of the gateway between a carrier providing 2G, 3G, or 4G mobile network service for mobile devices, tablets or wearables. Devices must be configured with the correct APN details to establish connectivity. Only a single APN resource is available at one time, though an identical APN configuration with the same parameters can be defined.

Select Add new APN from the ACTIONS drop-down menu

Set as preferred APN - Select this option to make this APN the preferred Access Point resource supporting your device. This option is disabled by default.

Name
APN (Access Point Name)
MCC (Mobile Country Code)
MNC (Mobile Network Code)
Authentication type
- None
- PAP — Password Authentication Protocol uses a static username and password for authentication purposes.
- CHAP - Challenge Authentication Protocol creates a unique "challenge phrase" for each authentication attempt instead of using a standard username or password.
- PAP or CHAP
APN type
- Default - Used to connect to the Internet in general
- MMS - Multimedia Service
- SUPL - Stands for Secure User Plane Location, used by the device to connect to GPS services.
- DUN - Dial-Up Networking connections
- HIPRI - Indicates that apps should use the current APN settings when connecting to the Internet.
APN Protocol
- IPv4
- IPv6
- IPv4/IPv6
APN roaming Protocol — Specifies whether the device should use an IPv4 or IPv6 network.
Mobile virtual network operator type - Use the drop-down menu to select the appropriate mobile virtual network operator type (MVNO) allowing an APN configuration to be restricted when using particular MVNOs or subscriber accounts. Without the MVNO setting, custom defined APN configurations are selected according to MCC and MNC only, which specifies the mobile network a mobile device subscribes to, but not the particular retailer or reseller, or account on a network. Drop-down MVNO menu options include None, SPN (Service Provider Name), IMSI (International Mobile Subscriber Identity), or GID (Group Identifier Level 1). When a value other than None is selected, a MVNO value is also required.
Mobile virtual network operator value - Set the value that either matches service provides name (SPN), the unique subscriber account (IMSI) or global identifier level 1. The MVNO value is not required if the MVNO type is set to None.

MMS

MMSC — Multimedia Messaging Service Center
MMS Proxy
MMS Port
Server
Proxy
Port
Username
Password

Enterprise Billing

Use Enterprise Billing to separate billing between enterprise apps and personal apps. The Knox Configure client will ignore E-billing configurations on devices running the Android Q version operating system and above. The Knox Configure console provides a warning for now unsupported status of E-billing on the Q version operating system.

Provide the following data for Enterprise Billing support:

Profile name
Applications in Personal mode — Enter the package names of apps that will be used for business reasons. Your enterprise will be responsible for the data costs incurred by these apps.
Roaming — If you allow users to connect to data while roaming, enter the following information:
- APN name
- MNC
- MCC
CLEAR E-BILLING PROFILE & REVERT TO DEFAULT APN - Select this option to clear the existing APN profile configuration and revert to the default APN configuration.

Summary

On the left, review the settings configured for each category. Click on the General information and Additional EULA tabs to see the information that you've entered. If you need to make any additional changes, click Back. If you've verified that the settings are correct, click Submit. Select Back to top from the lower, right-hand, side of a screen to navigate back to the top of that respective screen. Select the DOWNLOAD PROFILE SUMMARY AS A PDF option to archive the profile summary settings in PDF for potential re-use in creating profiles for other accounts.