Knox Premium Getting Started guide

Defining EMM policies

On this page

You can define the policies for both the entire device as well as the Knox Workspace container. You can also set up a different policy set for different user roles. Policies are sets of rules, which allow or disallow device functions (for example, disable device screenshots). Policies are also used to configure settings such as Email accounts and VPN. Roles allow you apply Policies to groups of users and their devices(for example, sales and marketing team).

Defining policies

Understanding the hierarchy of policies

Policy sets are applied in the order that they are listed in Samsung SDS IAM & EMM. You can create Policy sets containing overlapping or contradicting policies.

For example, in the first policy, you may allow users to take screenshots on their devices. In the second policy, you may disallow screenshots. If both policy sets are pushed to the same users, the one that is listed first in Samsung SDS IAM & EMM will be applied. In this example, since the policy set allowing screenshots is listed first, users will be able to take screenshots of their devices.

Modifying the default policy

A default policy has been created for you which allows all users to enrol their devices in your enterprise's EMM.

On the Samsung SDS IAM & EMM Admin Portal, click Policies and click Policy for allowing device enrollment.
- To modify who the policy applies to, on the Settings page, select the Roles that this policy applies to.
- To modify the device enrollment policy, expand Mobile Device Policies > Device Enrollment Settings and modify settings as necessary.
Click Save.

Defining policies for an Android device

On the Samsung SDS IAM & EMM Admin Portal, click Policies > Add Policy Set.
Enter a Name for the policy set.
Expand Mobile Device Policies. Set the policies that apply to all mobile devices.
Expand Samsung Knox Device Settings to set the additional policies that apply to Samsung Android devices.
Click Save.

Defining policies for the Knox container

On the Samsung SDS IAM & EMM Admin Portal, click Policies > Add Policy Set.
Enter a Name for the policy set.
Expand Mobile Device Policies > Samsung Knox Workspace Settings > Container Settings. Set the policies that apply to the Knox container.
If you need more detail about a particular setting, go to the Admin Portal Help > List of mobile device policies > Samsung Knox Workspace Settings.
Click Save.

Defining policies for an iOS device

On the Samsung SDS IAM & EMM Admin Portal, click Policies > Add Policy Set.
Enter a Name for the policy set.
Under the Settings column, expand the folder Mobile Devices Policies> iOS devices.
Set the policies that apply iOS devices.
Click Save.

Pushing policies manually to a device

On the Samsung SDS IAM & EMM Admin Portal, click Policies.
Select the policy that you want to push and click Push Policy.

NOTE — There is a delay between when policies are updated and when they are pushed. To change the delay period, go to Settings > Device Policy Management and change the Policy push delay from last edit setting.

Defining policies for the Knox User Portal

On the Samsung SDS IAM & EMM Admin Portal, click Policies.
Click Policies > Add Policy Set or click on an existing policy.
Expand Account Security Policies.
Set desired policies:
- Click Authentication and select Yes to set additional authentication methods when users log in to the Samsung SDS IAM & EMM User Portal.
- Click Password Reset and select Yes to set password reset methods for users who have forgotten their Samsung SDS IAM & EMM User Portal passwords.
- Click Password Settings to set requirements for complexity and other password requirements.