Knox Mobile Enrollment (KME) streamlines the initial setup and enrollment of corporate-owned and employee-owned devices. KME is the recommended tool when an enterprise requires bulk device enrollment with little configuration variance amongst the devices deployed.
For information on KME supported countries, go to: KME country availability.
Once an enterprise acquires its devices, their IT administrator utilizes Samsung’s Reseller Portal to upload user credentials. To mass deploy devices to end user employees, the IT administrator loads MDM configuration(s) to KME and assigns a profile to either a single or group of devices. For an overview and diagram of the KME workflow, go to Knox Mobile Enrollment workflow.
When the device is powered on, a Knox Mobile Enrollment setup wizard launches automatically and assists with the setup. The wizard launches a MDM agent, configures it, and ensures enrollment completes successfully by associating the correct devices with their target configuration profiles. For information on using the wizard, go to: Navigating the getting started wizard.
Samsung's KME provides the following device enrollment benefits:
Enterprise IT admins purchase devices from carriers, resellers, or distributors and provide their unique customer IDs. The devices are validated for correctness by their sellers in KME, and shipped to end users who open the box and boot their device.
Refer to the following describing the KME process flow activities within the illustration above:
The IT Admin configures the devices by assigning them to a MDM profile and optionally adding username/password information to each device. Devices can be automatically assigned to a profile.
The following table is a general guideline on Knox software support requirements. OS version may impact support features.
Factory reset protection (FRP) is supported across all carriers with devices that have Knox 2.8 and above and Android N, with the exception of AT&T. AT&T requires Android N with an MR.
An enterprise IT administrator with authority to enroll devices on behalf of their business registers for a KME account from the Samsung Knox portal. As soon as Samsung validates the KME account, the IT administrator can review employee enrollment status to ensure each submitted device is assigned to its correct enterprise end user resource and configuration profile.
Submitted devices can be edited or removed from the enrollment portal at any time by the IT administrator. The IT administrator can optionally submit additional devices with the creation and upload of a CSV file containing the device IMEI, MEID or serial number, username and password, and additional MDM permitted data. Once users activate and connect a device to a stable Wi-Fi, they can submit the device for enrollment. If a stable Wi-Fi connection is problematic, an alternative enrollment resource is available to the IT administrator at Samsung KNOX Mobile Enrollment
Once registered, a device’s profile enrollment status is available under a separate tab to assess whether enrollment is pending, rejected, ready, activated or rejected. MDM configuration profiles can be edited, deleted or added at any time. The KME portal utilizes an additional tab to register device resellers. Reseller registration allows Samsung to verify device ownership and prevent unauthorized enrollment, as only authorized Samsung resellers can be registered.
While most authorized Samsung resellers can submit purchased device IMEIs to KME on behalf of their customer, some resellers are without this capability. In this case, a device list must be imported to the business’s KME account by the enterprise IT administrator.
Lastly, reseller verified devices are shipped to end users who open the box and boot their device to complete enrollment. If needed, the KME portal utilizes an additional device user’s tab to edit, delete, add, or import user credentials into their intended device’s CSV file.