This section covers how to enroll and unenroll devices using KME. In addition to the information described in this topic, a device can be enrolled using the Knox Deployment App (KDA) to either enroll a device using Bluetooth, NFC or Trigger based enrollment. For more information, go to: Using the Knox Deployment App (KDA).
Samsung recommends a viable device enrollment plan, as an IT department can become overwhelmed with time-consuming, monotonous tasks that, by themselves, add little value to the organization. An enrollment program helps an organization's IT administrator account for all the devices proliferating their enterprise, and ensure the devices do not introduce security risks through configuration vulnerabilities and malware because they lack aggressive security controls.
IT admins can enroll up to 10,000 devices using Knox Mobile Enrollment. If your enterprise needs to enroll more than 10,000, contact Samsung Knox Support.
IT admins can provide end users with the following instructions to complete device enrollment:
To unenroll devices, you need to first remove the IMEI from the Knox Mobile Enrollment portal. After that, a factory reset or MDM console initiated unenrollment can be performed to completely recover the device. If needed, contact your carrier or reseller to obtain the list of the IMEIs of your users’ devices.
Devices enrolled in KME receive MDM client updates if enrolled directly through the MDM console.
Applications must be available in Google Play and an auto-update of Google Play must be enabled.
There are three different kinds of user credential based enrollment types, including:
You can enroll devices with end user credentials configured on each device before distributing them to their intended users. A staging credential ensures the device is enrolled, but still requires end user input to finalize registration.