Android Enterprise device owner mode
On this page
This section provides information on Android Enterprise device owner mode and KME.
About Android Enterprise device owner mode
A device owner (DO) is a privilege assigned to an MDM or similar application to apply policies and restrictions to a device during setup. Using Knox Mobile Enrollment, IT admins and end users can now create an MDM profile and define themselves as a DO (Fully Managed Device) on devices running Knox 2.8 or later.
NOTE - If DO is utilized with a profile, the Associate a Knox license with this profile option is disabled. Similarly, if Associate a Knox license with this profile is selected, then the DO checkbox is disabled. If the user attempts to save a legacy profile and DO is set with a License key, then the Unable to save. Google Device Owner does not support a Knox License. Please remove the license and try again error message displays.
NOTE - When using KME with Knox Configure, be careful when unchecking the Leave all system apps enabled checkbox, as this may lead to conflicts with Knox Configure. For example, when setting the Samsung browser homepage, the Knox Configure policy will fail  if system apps are disabled (since system apps include the Samsung browser).
NOTE - Only a single APK is supported for a DO profile. For existing profiles, you need to remove all but a single APK to save the DO profile.
Android Enterprise device owner mode (Fully Managed Device) support is currently limited to AirWatch, MobileIron, IBM MaaS360, SOTI, Citrix, ManageEngine, BlackBerry, Sophos Mobile, Microsoft Intune, DuoSTATION, Snow Software, Knox Manage, Samsung SDS EMM, and FAMOC. Samsung anticipates additional MDM partners will follow suit in short order. For more information, contact your MDM directly.
To reference Samsung's partner support documentation directly from their support sites, refer to the following:
NOTE - Additional partner documentation and support sites will be added to this list as they become available.
If AirWatch is selected as the Supported MDM, refer to the Custom JSON Data (as defined by MDM) field and enter custom configuration data that is recognizable to the MDM. An acceptable format is as follows:
"gid": <group id of Airwatch tenant>
NOTE - For an Airwatch DO, ensure gid is used, as opposed to Device Administrator (DA) mode where groupid is used. Otherwise, incorrect information could be entered.