Creating a Setup profile
The Setup edition is designed for a one-time deployment of apps and settings to enrolled devices without incremental updates. To change the configuration of a device after the initial policies are set, devices must be factory reset and the new policies must be re-applied.
If configuring a setup edition profile for a DeX device, go to DeX profile support for additional information on adding applications, bookmarks and home page settings unique to a DeX device.
Setup edition profiles are restricted from receiving a push update. A Dynamic profile can push update another Dynamic edition profile, and a Setup edition profile can push update a Dynamic edition profile. However, a Setup edition profile cannot update another Setup edition profile, nor can a Dynamic edition profile push update a Setup edition profile.
Set the following general information to define the device type and Knox version utilized with the device profile:
Select one of the following Device level settings to ensure the profile is correctly supporting a Knox or non-Knox Samsung device:
- Secured by Knox devices — Select this option if the devices receiving this profile utilize Knox. Once selected, refer to the Knox version drop-down menu and select the version of Knox currently residing on the devices receiving this profile.
- Other Samsung devices — Select this option if deploying Samsung devices that do not utilize Knox. When this option is selected, the Knox version drop-down menu is no longer available. The remainder of the profile configuration screen flow closely resembles the screen flow of Knox enabled devices. The KDA enrollment of Other Samsung devices is not supported. ProKiosk devices do not support Other Samsung devices.
- Knox version — Select the device's Knox version number. Ensure this setting is accurate, as newer Knox versions have the latest feature set available. To find the version number on the device, go to Settings > About device > Software info. The Knox version is not required if Other Samsung devices is selected as the Device level setting.
- Profile name — Enter a name that has not already been used by another existing profile in your organization.
- Profile description — This field is optional, but helpful in differentiating device profiles with similar attributes.
Set the following enrollment screen information displayed on the device during enrollment. Required settings have asterisks appended to them.
- Company name
- Address 1
- Address 2
- Zip code
Support contact details
Provide a Phone number and Email for device users to reach out to for support when encountering issues with their mobile device.
Configure the following settings displayed within the device enrollment screen flow. If you choose not to customize the screens, the default Knox Configure enrollment screens and logos are used.
Set the following Welcome screen settings:
- Skip welcome screen — Select this option to bypass a welcome screen within the device enrollment screen flow. If the welcome screen is skipped by selecting this option, it still displays on devices enrolled using the Knox Deployment App (KDA).
- Customize welcome screen text — Select this option to display a welcome message, up to a maximum of 400 characters. You can review the welcome message as it's being composed in the PREVIEW area on the right-hand side of the screen.
- Hide support link — Select this option to remove the support link from the enrollment welcome screen.
Set the following Agreements:
Configure the following enrollment screen flow Branding elements:
- Background fill — Use the drop-down menu to define the enrollment screen flow background color. Optionally select Upload image to select artwork for the background. The background image cannot exceed 2 MB.
- Logo — Select a logo for preferred branding within the enrollment screen flow. The logo image cannot exceed 1 MB, and should have a 1:1 aspect ration for optimal fit within the enrollment screen flow.
- Set the enrollment screen flow Foreground alignment to either Top, Center, or Bottom. Use the PREVIEW field as needed to assess how the enrollment screen content is aligned within each subsequent screen in the flow.
Enable or disable the following enrollment preferences for the profile:
- Run the Setup Wizard and prevent end users from canceling enrollment — Select this option to prohibit the device end user from cancelling enrollment and ensure the setup wizard is invoked.
- Allow end users to cancel enrollment — Select this option to display a Cancel button on the lower left-hand side of the welcome screen and provide device users with an option to cancel the enrollment screen flow.
Knox deployment application settings
Select a License to use with the Knox Deployment App (KDA). The license will be used to assign devices uploaded using the KDA and QR code enrollment.
The KDA provides a flexible option for IT admins needing to bulk enroll devices without a reseller. Using this app, you can reduce your bulk deployment time by using a primary device without factory resetting each device. Once they're enrolled, you can easily locate devices in the KC console.
QR code plus-sign (+) gesture enrollment is a additional device-side enrollment option. A QR code is a unique matrix barcode containing information about its attached item.
If a license is not selected here, this profile will not display as an option in the KDA or work with QR code-based enrollment. Only one license can be selected. If the current license is consumed or expired, an admin will need to assign another license.
If there are no listed licenses available within the License list, select the Enter License Key option. From the displayed Enter license key screen, provide a License name and License key, then click ADD. The newly created license is available for selection from the License list.
Product information screen
Customize the product information screen in the Knox Configure client:
- Product Name — Enter the product name displayed in the product information screen. If left blank, the name of the profile is used by default.
- Image — Upload a custom image to display in the product information screen. If you don't add an image, the default generic image is shown. The image size can be PNG or JPG format and can't exceed 2MB in size.
Optionally, configure an additional way for the device user to open the Knox Configure client:
Add a non-dismissible notification — Select this option to add a persistent notification that the device user can tap to quickly access the Knox Configure client.
- Application name — Enter the application name shown in the notification.
- Notification message — Enter the message shown in the notification.
Applications and widgets
Accessing the Library
Launch your KC console by clicking on the Knox Configure tile after signing into samsungknox.com. From the left-hand menu, choose Library.
From here, you can manage applications that can be used in your profiles. To add a new app, click ADD MOBILE APPLICATION.
There are two types of applications which can be added for mobile devices:
- Your own APK file
- A Google Play shortcut
When uploading your APK file, choose the proper file from your PC, and add a description (optional).
You can also select Activate Knox license. However, only a custom SDK/custom SDK (KLM) license can be used for application activation. You can request these keys from your license reseller. Once received, the key and application must be registered on the Knox Partner Portal before use. The application is downloaded on the device during configuration if a license is selected.
If you select ADD FROM GOOGLE PLAY instead, you need to provide a direct address to the Play Store app and an optional description. You can add as many apps as needed.
When an uploaded app is selected, you can click ACTIONS to update, download, or delete it. Click the app to view a popup with basic information about the app and all the uploaded versions.
If you want to add an application for your wearable device, the process is similar. Move to the WEARABLE APPS section and select ADD WEARABLE APPLICATION.
Like with mobile apps, there are two types of applications which can be added for wearable devices:
- Your own TKP or WGT file
- A Galaxy Store shortcut
To upload your own app, browse for the proper TPK or WGT file on your PC and give it a name. Optionally, provide a description for the app. If it's a watch face app, include that information in the description.
If you select the ADD FROM GALAXY STORE option, you need to provide a Tizen package ID, such as org.tizen.message or org.tizen.call. Ensure you enter the package ID, not the application ID. Also, provide an app name, version, and optional description. If it's a watch face app, include that information in the description.
App management in KC profiles
After adding profile information, you can add apps and widgets to your profile. Click ADD APPLICATIONS TO PROFILE to continue.
You can choose from apps already uploaded to your library or add a new one. To add a new app, follow the instructions outlined in the previous Library section.
When your uploaded app has more than one version, you can choose which one to be added to your profile.
Home & lock screen
- Device type — Select Phone, Tablet, or Galaxy Z Fold. After you select a type, the display options change and show the available features of that type.
- Customize favorite applications — Adds a row of pinned icons at the bottom of the screen. Some tablet models might not support this feature. You can customize the apps on both the Internal screen and Cover screen on Samsung Galaxy Z Fold series devices.
- Clear all favorite applications from the Home screen — Removes all favorite apps from the device Home screen. You can remove favorite apps from both the Internal screen and Cover screen on Samsung Galaxy Z Fold series devices.
- Clear all shortcuts from the Home screen — Removes all current app icons and widgets from the home screen. You can remove all shortcuts from both the Internal screen and Cover screen on Samsung Galaxy Z Fold series devices.
- Theme — Uploads a theme APK file for a specific OS. The theme configured according to the Android version is installed. This feature is unavailable on devices that do not support theme functionality.
- Default Home screen wallpaper — Uploads an image to use as the Home screen wallpaper. Samsung Galaxy Z Fold series devices have separate wallpapers on their Internal screen and Cover screen.
- Default Lock screen wallpaper — Uploads an image to use as the lock screen wallpaper. Samsung Galaxy Z Fold series devices have separate wallpapers on their Internal screen and Cover screen.
- Prevent end users from changing the Home screen and Lock screen wallpapers — Prevents device users from changing both the Home and Lock screen wallpapers. Use this setting to keep the device's wallpaper consistent between screens, which helps bolster your enterprise's branding.
- Device screen preview — Use the Select grid list to arrange phone app icons in a 4x4, 4x5 (Default), 4x6, or 5x6 grid, and tablet app icons in a 6x5, 6x6, 8x4, or 8x6 grid. If the device does not support the grid dimensions specified, this setting might cause the grid to be truncated.
A lock screen is also available to hide separate Time, Date, Owner information, Notifications, Help Text, Battery information, and Shortcuts. Select one or all widgets as needed to visually inspect and hide widgets from the device display.
Additional Home & lock screen settings (Knox 3.4 and above devices only)
Home screen notifications
Select Home screen, then select On or Off to toggle notification details when a device user selects and holds an app on the home screen of a device running Knox 3.4 or above. Once configured, use the Allow user to change setting option to Allow Home screen device user changes, Do not allow user changes or Do not allow and hide setting from user.
Sound & display
Set the audio levels for system, media, ringtone and device speaker volume.
- Set audio levels — Set the volume level of the specified stream (e.g. Media, Notifications, System, Ringtone).
- Device speaker — Set device speaker to play all sounds. Even if the user connects a device through the audio jack, sound is still played through the phone or tablet speakers.
- Ringtone — Set the ringtone or notification tone to a specified audio file. This setting only changes the ringtone for SIM 1 on dual-SIM devices. Note that this option is not supported on devices running Knox 3.0 and higher.
Set the following Setup edition profile device display options as user deployment requirements warrant:
- Set screen auto rotation to OFF — Enable or disable the auto-rotate screen display feature. You can also specify the screen's rotational angle (for example, 0°, 90°, 180°, or 270°). Note that this option is not supported on devices running Knox 3.0 and higher.
- Remove swipe lock screen — Remove the swipe lock screen from the device. The device will wake with the launcher or previous screen when the power key is pressed, and remain unlocked even if the power key is pressed again or the screen turns off. Only available if Knox version in Profile information is set to Knox 3.4 and above.
- Remove lock screen — Remove the lock screen from the device. Pressing the power or home button will turn the screen on and unlock the device. All lock types except for swipe lock are removed. This feature is only supported on devices running Android 8 and lower.
- Hide system bar — Hide the status bar, navigation bar, or system bar depending on the Android system on the device.
- Screen always on when plugged in — Enable the screen to stay on when the device is connected to a power source.
- Set the brightness — Select and use the Brightness slider to set the default device screen brightness. Select Set auto brightness to allow the device to automatically adjust the screen brightness according to the brightness of its surroundings.
- Set blue light filter — Select On from the drop-down menu to control the intensity of the device blue light if too bright in the dark. Once selected, the Opacity option can also be selected to enable a slider to refine the Opacity (density) of the device blue light display. If set to Off, the Opacity option is unavailable and the blue light setting cannot be modified. This feature may not work properly in some device which use a S/W blue light filter. It is recommended to test before deployment.
Set the default device font
Set the default device font
Set system font style — Set the system font to one of the following:
- Keep current settings
- Choco cooky
- Cool Jazz
- Gothic Bold
System font size — Use the preview area to test and select the font size.
- Larger font sizes — On supported devices, selecting this option allows you to increase the font size above 7pt. If your device is not supported, the largest font size will be utilized.
- Font size — Select a font size between 1-7pt. If you've selected the Larger font sizes option, on supported devices, additional font sizes may be available.
Custom booting and shutdown animations
You can customize the device boot animation by uploading images and setting the desired image orientation, dithering and size. Once created and uploaded, you can preview and verify the animation before assigning it to devices. When added to the console, the animation is a .qmg file for profile assignment.
Once verified, an admin can create a profile with relevant settings and add the animation file. The admin can then push the profile to specific assigned devices and verify the devices are configured properly with the animation file. For more information on creating and implementing custom animation, go to: Custom animation creation.
The custom display options are as follows:
- Clear a custom booting and shutdown animation — Remove an existing device boot or shutdown animation from enrolled devices.
Set a custom booting animation — Provide Animation, Loop, and Sound files played when the user turns the device on. The Loop file plays until the device has completed the boot process.
- Animation file — The animation file plays right after the “Powered by Android” screen.
- Loop file — A loop file plays repeatedly until device has completed boot process (once the animation file is finished).
- Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
Set a custom shutdown animation — Provide Animation and Sound files played as the device shuts down.
- Animation file — The animation file plays when the device is powering off. Only .qmg files are accepted.
- Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
Additional Sound & display settings (Knox 3.4 and above devices only)
Select General display to set the following device display options for devices running Knox 3.4 and above:
- Adaptive brightness determines whether brightness adjustments are collected and applied automatically under similar lighting conditions.
- Accidental touch protection can optionally protect from unintended touch inputs when the mobile device is placed in a dark place, such as a pocket or purse.
- Screen zoom makes displayed items appear larger or smaller as their image size requires.
- Screen timeout sets a screen display inactivity timeout of 15 seconds, 30 seconds, 1 minute, 2 minutes, 5 minutes, or 10 minutes.
Select Navigation bar to display Button order options for devices running Knox 3.4 and higher.
Use the Button order drop-down menu to define one of the following navigation bar display options:
- Normal (Recents, Home, Back) — Keeps the device's navigation bar button order in its current default position.
- Reverse (Back, Home, Recents) — Reverses the device's navigation bar button order from its default position so the back function displays on the left, with home in the center and recents on the right.
Once the Button order is set, refer to the Allow user to change setting option to either Allow device user navigation bar changes, Do not allow user navigation bar changes or Do not allow and hide setting from user.
Select Notifications to display notification app badge icon display options for Knox 3.4 and above supported devices.
Refer to the Application icon badges option and select either On or Off to define whether badges display when applications receive notifications.
Select Status bar to set the battery percentage display for devices running Knox 3.4 and higher. Selecting On displays the remaining battery percentage on the status bar, while selecting Off disables the battery percentage display. The Show battery percentage setting has an Allow user to change setting option to Allow device user changes, Do not allow user changes, or Do not allow and hide setting from user.
General sounds and vibrations
Select General sounds and vibrations to display device sound and vibration options for devices running Knox 3.4 and higher. Options include:
- Vibrate while ringing determines whether the mobile device vibrates when receiving an incoming call.
- Set the Vibration pattern experienced on the mobile device when receiving an incoming call. Options include, Basic call, Heartbeat, Ticktock, Waltz, and Zig-zig-zig.
- Use volume keys for media determines whether the media volume can be controlled by default when a volume key is pressed.
System sounds and vibrations
Select System sounds and vibrations to display device sound and vibration options for devices running Knox 3.4 and higher. Options include:
- Touch sound determines whether tones are emitted when touching certain screen items.
- Screen lock sound determines whether tones are emitted when locking or unlocking the screen.
- Charging sound determines whether tones are emitted when the device begins charging.
- Dialing keypad tone determines whether tones are emitted when tapping the dialing keypad.
- Keyboard sound determines whether tones are emitted when tapping the Samsung keyboard.
- Keyboard vibration determines whether the device vibrates when tapping the Samsung keyboard.
Applications & content
Set the following Setup edition profile restrictions for application and content utilization:
Disable system applications
- Disable all pre-installed browsers — Disables the internet browsers on the device.
- Disable Google Play store — Prevents the device from accessing the Google Play store to install additional applications.
- Disable S Voice — Disables the S Voice personal assistant on the device. An error may occur if you enable and deploy this setting to a device that does not support S Voice.
- Disable the usage of other applications — Enter the package name(s) of the applications you want to disable.
- Block applications from unknown sources — Prevents a user from installing apps from sources other than the Google Play store.
- Prevent applications from being uninstalled — Enter the package name(s) of applications end users are restricted from removing.
Launch automatically after configuration — Select the content that automatically displays when the device completes enrollment.
- Applications — Select the applications to launch automatically once the initial profile configuration is set.
- Launch immediately on every boot-up — Select this option to launch selected applications automatically each time the device is booted.
- Other content — Select additional content, such as a sound file, to add to your profile.
- Select an application to play the file — If you selected Other content, you need to select an application that can play the selected file.
- Launch immediately on every boot-up — Select this option to launch the selected other content automatically each time the device is booted.
- Download application during configuration — Add an application with this setting to ensure the selected application is downloaded during configuration and not in the background.
- Add application permissions — If necessary, add application permissions that are granted when defined in the application manifest file.
- Change application icon — Enter the package name of an app you have added to the profile and upload a custom image to use as the app icon.
- Change application name — Enter the package name of an app you have added to the profile and enter a custom name to distinguish the application.
Samsung Internet browser settings
These Samsung Internet browser settings are also applied to the preloaded Chrome application, but may not perform as intended depending on the Chrome version used.
Set the following profile browser settings for homepage selection and bookmark utilization:
- Set homepage — Enter the URL for the Samsung Internet browser home page.
- Add web bookmarks — Add the Title and URL of the web bookmarks for the Samsung Internet browser. If your users need to log in to an employee portal to access internal files, you may wish to add a web bookmark for that portal.
If necessary, upload a VCF file with the specific contact information you want to include with this profile.
Set the following profile content destination and file save options:
- Set content folder name — Provide a unique name for the folder where content from this profile are pushed.
- Add files to the Contents folder — Upload specific content, such as video, music, or digital books to the device Content folder.
- Additional content — Optionally select additional content to download during configuration. Any content you don't select will be downloaded in the background once configuration is complete.
Set the following connectivity settings for the setup edition profile and its intended device deployments:
- Default Wi-Fi settings — Set the current device Wi-Fi configuration as the default, or leave the Wi-Fi On or Off.
- Network (optional) — Enter the SSID name and Password for the default Wi-Fi network.
Advanced Wi-Fi settings — Enter an SSID Name and select the Security setting for this network. If applicable, enter a Password. Click Add another if you want to set up multiple Wi-Fi profiles. If necessary, a device can connect to a specified network with Proxy (optional) credentials delivered by Knox Configure using a proxy to communicate externally. For devices running Knox 3.4.1 and higher, you can also select the MAC address type. Click Add another to set up multiple Wi-Fi profiles.
- Disable Wi-Fi network blocking — Select this option to disable Wi-Fi network blocking for the defined SSID configuration. Samsung devices have Wi-Fi network blocking enabled by default, and disabling Wi-Fi network blocking may reduce AP connection and battery consumption issues for the specified SSID Wi-Fi configuration. This setting is available on Knox 3.5 and above supported devices, and XCover Pro devices running Knox version 3.4.1 and above.
- Default Bluetooth settings — Use Keep current settings to set the current device Bluetooth state as the default. Use On or Off to enforce a Bluetooth state and override current device Bluetooth settings.
- Default location settings — This setting turns GPS ON, OFF or keeps the current location setting on the device as the default.
- Default NFC settings — Set the current NFC setting as the default or turn NFC On or Off by default.
- Keep current settings, or turn Airplane mode On or Off.
- Turn on mobile data — Turn mobile data ON, OFF, or keep the current setting on the device.
Set the connection type when the user connects the device to a computer via USB:
- Keep current settings
- MTP — Allows the user to copy files between the device and a computer.
- PTP — Picture Transfer Protocol, the computer treats the device as a camera. Allows photo editing programs and other software apps to access photos on the device.
- MIDI — Musical Instrument Digital Interface, a connection type used by electronic musical instruments and computers to communicate with each other.
- CHARGING — Allows the device to charge, but not transmit data.
Additional Device connectivity settings (Knox 3.4 and above devices only)
Select Advanced Wi-Fi to display additional NFC beaming options for devices running Knox 3.4 and higher. Options include:
- Switch to mobile data allows the device to use mobile data whenever the current Wi-Fi network is identified as slow or unstable.
- Allow individual apps to switch allows the device to switch apps to mobile data when a Wi-Fi connection cannot be established.
- Turn on Wi-Fi automatically allows the device to enable Wi-Fi in locations where Wi-Fi has been used frequently.
- Detect suspicious networks allows the device to receive notifications when suspicious activity is detected on the Wi-Fi network.
- Wi-Fi power save mode reduces battery consumption by analyzing Wi-Fi traffic patterns.
- Hotspot 2.0 allows the device to connect to Hotspot 2.0-supported access points without requiring a password.
Set the following device settings to define how the end user device displays language, time zone, time updates, USB debugging mode and power save utilization.
- Locale — Select the language and country for the device.
- Time zone — Keep current settings or select the appropriate timezone for devices.
- Automatic Time Update — Set the device to automatically update its time and date information from a network resource.
Keyboard — Select the Customize keyboard option to enable the Predictive mode option. Once enabled, the predictive mode and keyboard settings options function independent from one another, so there are no constraints on using these options together.
- Predictive mode — Turn predictive mode On or Off as needed. Predictive mode attempts to complete a word on behalf of the user based on the initial characters entered when forming a word. This setting is only available on devices running Knox version 2.7.1 and above.
- Add keyboards — Add up to 5 third party keyboard on devices managed by Knox Configure using the Add keyboards setting. The appropriate keyboard application must also be installed on the device to be added successfully using Knox Configure.
- Default USB debugging mode — Define whether USB debugging is on or off for this specific profile.
- Disable OMC mode — Prevent the device from being customized by a source other than Knox Configure (i.e. Open Market Customization).
- Power on the device when connected to a power source — Set devices to automatically power on when connected to a power source.
- Power off the device when disconnected from a power source — Select this option to automatically power off a device when disconnected from its power source.
- Extend battery life by limiting the maximum charge when connected to a power source — Select this option to provide a maximum charge setting of 85% to avoid issues with keeping a tablet on its charger too long. When selected, a tablet device will stop charging once it reaches 85% of total available charge.
Remap hardware keys (XCover Pro and Tab Active Pro only)
Use this section of the Device settings profile configuration screen to remap hardware keys to launch a specified application, using either a long or short press action. Customizable hot key remapping combinations are also supported. For instance, users can launch one app with a short press action and another app with a long press action. When needed, select an available template for hot key mapping based on the intended key mapping configuration.
To remap hardware keys:
- under Remap hardware keys (XCover Pro and Tab Active Pro only), click ADD CONFIGURATION.
From Key mapping template, select Microsoft Teams to use a preconfigured template or Custom to create a custom key mapping configuration. The Microsoft Teams template provides a single-click option to enable walkie-talkie functionality with Microsoft Teams for XCover Pro and Tab Active series devices.
Set the following custom key mapping configuration:
- Key name — Specify whether the device's XCover key or Top key will launch the specified application using either a short or long button press.
- Key press type — Select whether a Short press or Long press hardware key press launches the selected application.
- Action type — Select either Launch application or Launch and exit as the action resulting from the specified short or long Key press type.
- Application package name — Correctly provide the package name launched by the selected XCover Pro or Tab Active Pro key and the selected key press type and action.
- Click DONE to save your key mapping configuration. You can repeat the process to define additional key mapping configurations.
- When completed, review the configurations customized for specific key mapping templates, keys, key press types, actions, and applicable packages.
Side key remapping
You can remap the side key to custom functionality for Knox 3.7 and above. The options available for this custom remapping are as follows:
Double-press of the side key — You can choose to allow or restrict the device user from double-pressing the appropriate key. You can turn this setting on or off.
- Turn on or off
- Quick launch camera
- Open Bixby
- Open specific app
Press and hold of the side key
- Wake Bixby
- Power off menu
Allow user to customize — You can choose one of three settings:
- Allow the device user to customize the action
- Do not allow the device user to customize the action
- Do not allow the device user to customize the action as well as hide the setting from the user
How do I remap the side key on devices?
- In the KC console, navigate to Profiles, and select the profile you want to modify.
- Once the profile configuration dashboard appears, click on Device Settings.
- Click the Edit button on the top right-hand side.
- Scroll down, and select the Bixby Key option in order to expand settings options.
- From there, you can set configurations such as the double-press of the side key or press and hold of the side key.
Additional Device settings (Knox 3.4 and higher devices)
You can prevent device users from accessing certain areas of their Samsung Keyboard as follows:
- Disable keyboard setting — Prevents device users from accessing their Samsung Keyboard settings.
- Disable all toolbar items in keyboard — Prevents device users from accessing their Samsung Keyboard toolbar items.
Language and input
Select the Language and input checkbox to display additional keyboard utilization settings for Knox 3.4 and above supported devices.
Show keyboard button toggles a keyboard button on the device navigation bar to allow for easier switching between mobile device keyboard resources. Once set, Allow user to change setting can Allow device user keyboard changes, Do not allow user changes, or Do not allow and hide setting from user.
Select Text-to-speech to display speech engine, pitch, and speech rate settings for Knox 3.4 and above supported devices.
- From the Preferred engine menu, specify whether the Samsung text-to-speech engine or Google Text-to-speech engine is utilized as the speech recognition engine for text-to-speech conversion.
- Use the Pitch slider to set the text-to-speech pitch rate in the range of 25-400.
- Use the Speech rate slider to define the text-to-speech rate conversion used by the speech recognition engine. The setting is defined in the range of 10-600.
Enable or disable the following security restrictions as needed for this specific profile and its intended device support:
- ALL — All of the Security restrictions are applied.
- Disable Software Updates (Firmware updates via Wi-Fi and Mobile networks) — You can set a FOTA block for devices so that even if the device user tries to manually update the device's firmware, it is blocked on the device. Only after the new device is enrolled in Knox Configure, KC will decide to permit the appropriate FOTA update to the device or not based on FOTA block option. If you set the FOTA block as on, then KC will block FOTA updates. If not, KC won't block it and the end user can select whether to accept the FOTA update or not. This restriction negates the chances of an OS mismatch on the device and ensures that all partner apps remain functional. Additionally, for devices running Knox 3.4 or higher and the Samsung T295 device, you can prevent the device user from updating the firmware of the device in download mode.
- Disable Multiple user mode — On supported devices, prevent more than one user account from being created.
- Disable Safe mode — Safe mode prevents the device from running third-party apps. Select this option to prevent users from enabling Safe mode.
- Disable firmware update in download mode — Prevents the device user from updating the firmware of the device while the device is in download mode. This feature is supported on devices running Knox 3.4 or higher.
Security settings (Knox 3.4 and above devices only)
Select Location to display additional Wi-Fi and Bluetooth scanning settings for devices running Knox 3.4 and higher. Once these options are set, use Allow user to change setting to Allow device user password visibility changes, Do not allow user changes, or Do not allow and hide setting from user.
- Wi-Fi scanning — Enable this setting to let applications use Wi-Fi for more efficient location detection, even when Wi-Fi is turned off.
- Bluetooth scanning — Enable this setting to let applications use Bluetooth for more efficient location detection, even when Bluetooth is turned off.
Other security settings
Select Other security settings to display password visibility settings for devices running Knox 3.4 and higher. Select On to briefly show password characters as they're typed, and hide them shortly thereafter. Selecting Off disables the feature. Once set, use Allow user to change setting option to Allow device user password visibility changes, Do not allow user changes, or Do not allow and hide setting from user.
An Access Point Name (APN) is the gateway between a carrier providing 2G, 3G, or 4G mobile network service and the mobile device. Devices must be configured with the correct APN information to establish data connectivity. Only a single APN resource is available at one time, though an identical APN configuration with the same parameters can be defined.
If adding or editing an APN resource, provide the following configuration details:
Set as preferred APN — Select this option to make this APN the preferred Access Point resource supporting your device. This option is disabled by default.
- APN (Access Point Name)
- MCC (Mobile Country Code)
- MNC (Mobile Network Code)
- None — No user credential validation exchanges are attempted.
- PAP — The Password Authentication Protocol (PAP) uses a static username and password for authentication purposes.
- CHAP — The Challenge Authentication Protocol (CHAP) creates a unique "challenge phrase" for each authentication attempt instead of using a standard username or password.
- PAP or CHAP
- APN Protocol
- IPv4/IPv6 — Both IPv4 and IPv6 formatted IP addresses are supported for the APN resource.
- APN roaming Protocol — Select whether the device should use an IPv4, IPv6 formatted network or both as a roaming protocol.
- Mobile virtual network operator type — Use the drop-down menu to select the appropriate mobile virtual network operator type (MVNO) allowing an APN configuration to be restricted when using particular MVNOs or subscriber accounts. Without the MVNO setting, custom defined APN configurations are selected according to MCC and MNC only, which specifies the mobile network a mobile device subscribes to, but not the particular retailer or reseller, or account on a network. Drop-down MVNO menu options include None, SPN (Service Provider Name), IMSI (International Mobile Subscriber Identity), or GID (Group Identifier Level 1). When a value other than None is selected, a MVNO value is also required.
- Mobile virtual network operator value — Set the value that either matches service provides name (SPN), the unique subscriber account (IMSI) or global identifier level 1. The MVNO value is not required if the MVNO type is set to None.
- MMS Proxy
- MMS Port
For information on adding DeX support for a profile (both Setup and Dynamic edition profile types), go to: DeX mode support.
Devices supporting Knox version 3.4 and above have an additional set of advanced features configurable for a Setup edition profile. Each can be separately enabled.
Enable Motions and gestures to display the following additional Advanced features for the Knox 3.4 or above supported profile. Each of the following can be turned On or Off for the profile, and has a separate drop-down menu to either Allow, or Do not allow device user changes or Do not allow and hide setting from user.
- Smart stay — When enabled, the screen remains unlocked as long as the device camera can detect your eyes looking at the screen. When you put the phone down or look away, the device will turn off based on the screen's current timeout settings.
- Smart alert — When enabled, smart alert informs the device user of missed calls and text messages by vibrating the phone when its picked up.
- Easy mute — When enabled, easy mute allows you to mute incoming calls and alarms by placing your hand on the screen. On Galaxy S8, S8+, S7 and S7 edge platforms you cam also mute calls and alarms by placing the phone face down on a flat surface.
- Palm swipe to capture — When enabled, this feature allows you swipe your hand across the device screen to capture the current device display. Once captured, the image resides in the screenshots album/folder in the gallery.
- Swipe to call or send messages — When enabled, this feature allows you to call or send messages by swiping your finger across a contact's information in the phone or address book.
On the left, review the settings that you've configured for each category. Click on the General information and Additional EULA tabs to see the information entered. If you need to make any changes, click BACK. When you have verified the settings are correct, select SUBMIT. Select the DOWNLOAD PROFILE SUMMARY AS A PDF option to archive the profile summary settings in PDF for potential re-use in creating profiles for other accounts.