The Setup edition is designed for a one-time deployment of apps and settings to enrolled devices without incremental updates. To change the configuration of a device after the initial policies are set, devices must be factory reset and the new policies must be re-applied.
If configuring a setup edition profile for a DeX device, go to DeX profile support for additional information on adding applications, bookmarks and home page settings unique to a DeX device.
Setup edition profiles are restricted from receiving a push update. A Dynamic profile can push update another Dynamic edition profile, and a Setup edition profile can push update a Dynamic edition profile. However, a Setup edition profile cannot update another Setup edition profile, nor can a Dynamic edition profile push update a Setup edition profile.
Set the following general information to define the device type and Knox version utilized with the device profile:
- Select one of the following Device level settings to ensure the profile is correctly supporting a Knox or non-Knox Samsung device:
- Secured by Knox devices - Select this option if the devices receiving this profile utilize Knox. Once selected, refer to the Knox version drop-down menu and select the version of Knox currently residing on the devices receiving this profile.
- Other Samsung devices - Select this option if deploying Samsung devices that do not utilize Knox. When this option is selected, the Knox version drop-down menu is no longer available. The remainder of the profile configuration screen flow closely resembles the screen flow of Knox enabled devices. The KDA enrollment of Other Samsung devices is not supported. ProKiosk devices do not support Other Samsung devices.
- Knox version - Use the drop-down menu to correctly select the version number. Ensure this setting is accurate, as newer Knox versions have the latest feature set available. To find the version number on the device, go to Settings > About device > Software info. The Knox version does is not required if Other Samsung devices is selected as the Device level setting.
- Profile name — Enter a name that has not already been used by another existing profile in your organization.
- Profile description — This field is optional, but helpful in differentiating device profiles with similar attributes.
Set the following enrollment screen information displayed on the device during enrollment. Required settings have asterisk appended to them.
- Company name
- Address 1
- Address 2
- Zip code
Support contact details
Provide the required Phone number and Email contract resources device users refer to for support when encountering issues with their mobile device.
Configure the following settings displayed within the device enrollment screen flow. If choosing not to customize the screens, the default Knox Configure enrollment screens and logos will be used by default.
- Set the following Welcome screen settings:
- Skip welcome screen - Select this option to bypass a welcome screen within the device enrollment screen flow. If the welcome screen is skipped by selecting this option, it still displays on devices enrolled using the Knox Deployment App (KDA).
- Customize welcome screen text - Select this option to display a field for entering a 400 character maximum welcome message. The welcome message can reviewed as its being composed within the PREVIEW area on the right-hand side of the screen.
- Hide support link - Select this option to remove the support link from the enrollment welcome screen.
- Set the following Agreements:
- Configure the following enrollment screen flow Branding elements:
- Background fill - Use the drop-down menu to define the enrollment screen flow background color. Optionally select Upload image to select artwork for the background. The background image cannot exceed 2 MB.
- Logo - Select a logo for preferred branding within the enrollment screen flow. The logo image cannot exceed 1 MB, and should have a 1:1 aspect ration for optimal fit within the enrollment screen flow.
- Set the enrollment screen flow Foreground alignment to either Top, Center, or Bottom. Use the PREVIEW field as needed to assess how the enrollment screen content is aligned within each subsequent screen in the flow.
Enable or disable the following enrollment preferences for the profile:
- Allow end users to cancel customization — If you don't select this option, devices will automatically be enrolled in Knox Configure after the device profile has been approved.
Knox deployment application settings
Use the drop-down menu to assign a License for use with the Knox Deployment App (KDA). The license will be used to assign devices uploaded using the KDA and QR code enrollment.
The KDA provides a flexible option to IT admins needing to bulk enroll devices without a reseller. Using this app allows IT Admins to reduce their bulk deployment time, by using a primary device without factory resetting each device. Once enrolled, an IT admin can easily locate the devices within KC console.
QR code plus-sign (+) gesture enrollment is a additional device-side enrollment option. A QR code is a unique matrix barcode containing information about its attached item.
If a license is not selected here, this profile will not display as an option in the KDA, or work with a QR code based enrollment. Only one license can be selected. If the current license is consumed or expired an admin will need to assign another license.
If there are no listed licenses available within License drop-down menu, select the Enter License Key option. From the displayed Enter license key screen, provide a License name and License key, then select the ADD button. The newly created license is then available for selection from within KNOX DEPLOYMENT APP SETTINGS License drop-down menu.
Self-Uninstall KC Agent
When creating or setting up profiles in the Setup edition of Knox Configure (KC), you can choose to set a self-uninstall flag that allows the KC agent to automatically uninstall after profile configuration is complete. You can specify whether this functionality is available on the device when you are setting up or modifying the profile. This feature primarily helps minimal use cases where a full set of permissions is not needed, such as rebranding or minor configuration changes. The process works as follows:
- On the KC console, when setting up a new profile, select the Self-uninstall checkbox. If this option is selected, the KC console only shows reduced options in the console.
- Depending upon the options selected, KC applies the device configuration to the target device.
- Upon successful implementation of the device configuration, the KC agent is automatically uninstalled.
- For devices that require a factory reset as part of device configuration prior to the license expiration, the KC agent uninstalls itself after the device resets and successfully includes the device configuration options.
Applications and widgets
Accessing the Library
Launch your KC console by clicking on the Knox Configure tile after signing into samsungknox.com. From the left-hand menu, choose Library.
From here, you can manage your applications which can be used within your profiles. To add a new app, click on the ADD MOBILE APPLICATION button.
There are two types of applications which can be added for mobile devices:
- Your own APK file
- A Google Play shortcut
When uploading your APK file, choose the proper file from your PC, and add a description (optional).
You can also check off Activate Knox license, however, only a custom SDK/custom SDK (KLM) license can be used for application activation. You can request these keys from your license reseller. Once received, the key and application must be registered on KPP before use. The application will be downloaded on the device during configuration if a license is selected.
If you select the ADD FROM GOOGLE PLAY option instead, you need to provide a direct address to the Play store app and an optional description. There is the possibility to add more than one app at once.
When an uploaded app is selected, you can choose from various options to manage it under the ACTIONS button, such as deleting the app. Also, when an app is clicked, you will see a popup with basic information about it and all the uploaded versions.
If you want to add an application for your wearable device, the process is similar. Move to the WEARABLE APPS section and select ADD WEARABLE APPLICATION.
Like with mobile apps, there are two types of applications which can be added for wearable devices:
- Your own TKP or WGT file
- A Galaxy Store shortcut
In order to upload your own app, browse for the proper TPK or WGT file on your PC, provide a name for it and an optional description. If this is a watch face app, mark it properly.
If you select the ADD FROM GALAXY STORE option, you need to provide a Tizen package ID, such as org.tizen.message or org.tizen.call. Ensure you enter the package ID, not the application ID. Also, provide an app name, version and optional description. If this is watch face app, mark it properly.
App management in KC profiles
During the creation of a new profile, after initial settings you will be able to add apps to your profile. Select the ADD APPLICATIONS TO PROFILE button to continue.
Now, you can choose from apps already uploaded to your library or add a new one. To add a new app, follow the instructions outlined in the previous Library section.
When your uploaded app has more than one version, you can choose which one to be added to your profile.
Home & lock screen
- Default Home screen wallpaper — Upload a file to use as the home screen wallpaper.
- Default Lock screen wallpaper — Upload a file to use as the lock screen wallpaper.
- Device — Select Phone or Tablet from the Device type drop-down menu, as display options are unique to the type selected.
- Customize favorite applications — Add a row of pinned icons at the bottom of all the screens. Some tablet models may not support this feature.
- Clear all favorite applications from the Home screen - Remove all current favorite applications from the device home screen.
- Clear all shortcuts from the Home screen — Remove all current app icons and widgets from the home screen.
- Device screen preview - Use the Select grid drop-down menu to display phone app icons in a 4x4, 4x5 (Default), 4x6, or 5x6 grid and tablet app icons in a 6x5, 6x6, 8x4, 8x6 grid. If the device does not support the grid dimensions specified, this setting may create an error.
A lock screen is also available to hide separate Time, Date, Owner information, Notifications, Help Text, Battery information and Shortcuts. Select one or all widgets as needed to visually inspect and hide widgets from the device display.
Additional Home & lock screen settings (Knox 3.4 and above devices only)
Home screen notifications
Select the Home screen check box and select On or Off to determine whether to display notification details when a Knox 3.4 or above device user touches and holds an app on the device home screen. Once selected, use the Allow user to change setting option to either Allow Home screen device user changes, Do not allow user changes or Do not allow and hide setting from user.
Applications & content
Set the following Setup edition profile restrictions for application and content utilization:
- Disable system applications
- Disable all pre-installed browsers - Disables the device browsers on the device
- Disable Google Play store - Disables device from accessing the Google Play store to obtain additional applications.
- Disable S Voice - An error may occur if you enable and deploy this setting to a device that does not support S Voice.
- Disable the usage of other applications - Enter the package name(s) of those additional applications you want to disable.
- Block applications from unknown sources - Prevents a user from installing apps from sources other than the Google Play store.
- Prevent applications from being uninstalled - Enter the package name(s) of applications end users are restricted from removing.
- Launch automatically after configuration - Select the content that automatically displays when the device completes enrollment.
- Applications - Select the applications to launch automatically once the initial profile configuration is set.
- Launch immediately on every boot-up - Select this option to launch selected applications automatically each time the device is booted.
- Other content - Select additional content, such as a sound file, to add to your profile
- Select an application to play the file - If you have selected Other content, you need to select an application that will play the selected file.
- Launch immediately on every boot-up - Select this option to launch the selected other content automatically each time the device is booted.
- Download application during configuration - Add an application with this setting to ensure the selected application is downloaded during configuration and not in the background.
- Add application permissions - If necessary, add application permissions that are allowed when defined within the application manifest file.
- Change application icon - Enter the package name of an app you have added to the profile and upload a custom image to use as the app icon.
- Change application name - Enter the package name of an app you have added to the profile and enter a custom name to distinguish the application.
Samsung Internet browser settings
These Samsung Internet browser settings are also applied to the preloaded Chrome application, but may perform as intended depending on the Chrome version used.
Set the following profile browser settings for homepage selection and bookmark utilization:
- Set homepage - Enter the URL for the Samsung Browser home page.
- Add web bookmarks - Add the Title and URL of the web bookmarks for the SBrowser. If your users need to log in to an employee portal to access internal files, you may wish to add a web bookmark for that portal.
If necessary, upload a VCF file with the specific contact information you want to include with this profile.
Set the following profile content destination and file save options:
- Set content folder name - Provide a unique name for the folder where content from this profile are pushed.
- Add files to the Contents folder - Upload specific content, such as video, music, or digital books to the device Content folder.
- Additional content - Optionally check any of the displayed boxes to mark additional content to download during configuration, otherwise, it will be downloaded in the background once configuration is completed.
Sound & display
Sound & display
Set the audio levels for system, media, ringtone and device speaker volume.
- Set audio levels - Set the volume level of the specified stream (e.g. Media, Notifications, System, Ringtone).
- Device speaker - Set device speaker to play all sounds. Even if the user connects a device through the audio jack, sound is still played through the phone or tablet speakers.
- Ringtone - Set the ringtone or notification tone to the specified audio file. The ringtone option is not supported on devices running Knox 3.0 or later.
Set the following Setup edition profile device display options as user deployment requirements warrant:
- Set screen auto rotation to OFF — Enable or disable the auto-rotate screen display feature. You can also specify the screen's rotational angle (e.g. 0°, 90°, 180°, 270°).
- Remove lock screen — Remove the lock screen from the device. Pressing the power or home button will turn the screen on. Any previous user-configured lock screen settings such as secure pattern or device passcode unlock methods will also be removed.
- Hide system bar — Hide the status bar, navigation bar, or system bar depending on the Android system on the device.
- Screen always on when plugged in — Enable the screen to stay on when the device is connected to a power source.
- Set the brightness - Select and use the Brightness slider to set the default device screen brightness. Select Set auto brightness to allow the device to automatically adjust the screen brightness according to the brightness of its surroundings.
- Set blue light filter - Select On from the drop-down menu to control the intensity of the device blue light if too bright in the dark. Once selected, the Opacity option can also be selected to enable a slider to refine the Opacity (density) of the device blue light display. If set to Off, the Opacity option is unavailable and the blue light setting cannot be modified. This feature may not work properly in some device which use a S/W blue light filter. It is recommended to test before deployment.
Set the default device font
- Set the default device font
- Set system font style — Set the system font to one of the following:
- Keep current settings
- Choco cooky
- Cool Jazz
- Gothic Bold
- System font size — Use the preview area to test and select the font size.
- Larger font sizes — On supported devices, selecting this option allows you to increase the font size above 7pt. If your device is not supported, the largest font size will be utilized.
- Font size — Select a font size between 1-7pt. If you've selected the Larger font sizes option, on supported devices, additional font sizes may be available.
- Set system font style — Set the system font to one of the following:
Custom booting and shutdown animations
Administrators can customize boot animation by uploading images and setting the desired image orientation, dithering and size. Once created and uploaded, an admin can preview and verify the animation before assigning it to devices. When added into the console, the animation as a .qmg file for profile assignment.
Once verified, an admin can create a profile with relevant settings and add the animation file. The admin can then push the profile to specific assigned devices and verify the devices are configured properly with the animation file. For more information on creating and implementing custom animation, go to: Custom animation creation.
The custom display options are as follows:
- Clear a custom booting and shutdown animation — Remove an existing device boot or shutdown animation from enrolled devices.
- Set a custom booting animation — Provide Animation, Loop, and Sound files played when the user turns the device on. The Loop file plays until the device has completed the boot process.
- Animation file — The animation file plays right after the “Powered by Android” screen.
- Loop file — A loop file plays repeatedly until device has completed boot process (once the animation file is finished).
- Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
- Set a custom shutdown animation — Provide Animation and Sound files played as the device shuts down.
- Animation file — The animation file plays when the device is powering off. Only .qmg files are accepted.
- Sound file —Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
Additional Sound & display settings (Knox 3.4 and above devices only)
Select the General display checkbox to set the following device display options for Knox 3.4 and above supported devices:
NOTE - Each General display setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user. These options can be set independently of each other and are persistent across subsequent logins.
- Refer to the Adaptive brightness setting On and Off options to determine whether brightness adjustments are collected and applied automatically under similar detected lighting conditions.
- Refer to the Accidental touch protection On and Off settings to optionally protect from unintended touch updates when the mobile device is placed in a dark place such as a pocket or purse.
- Use the Screen zoom slider to make displayed items appear larger or smaller as their image size requires.
- Use the Screen timeout drop-down menu to set a screen display inactivity timeout of either 15 seconds, 30 seconds, 1 minute, 2 minutes, 5 minutes or 10 minutes.
Select the Navigation bar checkbox to display Button order options for Knox 3.4 and above supported devices.
Use the Button order drop-down menu to define one of the following navigation bar display options:
- Normal (Recents, Home, Back) - Keeps the device's navigation bar button order in its current default position.
- Reverse (Back, Home, Recents) - Reverses the device's navigation bar button order from its default position so the back function displays on the left, with home in the center and recents on the right.
Once the Button order is set, refer to the Allow user to change setting option to either Allow device user navigation bar changes, Do not allow user navigation bar changes or Do not allow and hide setting from user.
Select the Notifications checkbox to display notification app badge icon display options for Knox 3.4 and above supported devices.
Refer to the Application icon badges option and select either On or Off to define whether badges display when applications receive notifications.
Select the Status bar checkbox to set the battery percentage display for Knox 3.4 and above supported devices. Selecting On displays remaining batter percentage on the status bar, while selecting Off disables the battery percentage display. The Show battery percentage setting has an Allow user to change setting option to either Allow device user changes, Do not allow user changes or Do not allow and hide setting from user.
General sounds and vibrations
Select the General sounds and vibrations checkbox to display device sound and vibration options for Knox 3.4 and above supported devices. Options include:
- Refer to the Vibrate while ringing On and Off options to set whether the mobile device vibrates upon receipt of an incoming call.
- Set the Vibration pattern experienced on the mobile device upon receipt of an incoming call. Options include, Basic call, Heartbeat,Ticktock, Waltz, Zig-zig-zig, Off-beat, Spinning, Siren, Telephone, and Ripple.
- Set the Use volume keys for media option to either On or Off to determine whether the media volume can be controlled by default when a volume key is pressed.
System sounds and vibrations
Select the System sounds and vibrations checkbox to display device sound and vibration options for Knox 3.4 and above supported devices. Options include:
- Refer to the Touch sound On and Off options to set whether tones are emitted when touching certain screen items.
- Use the Screen lock sound On and Off options to set whether tones are emitted when locking or unlocking the screen.
- Navigate to the Charging sound On and Off options to set whether tones are emitted when the mobile device begins charging.
- Refer to the Dialing keypad tone On and Off options to set whether tones are emitted when tapping the dialing keypad.
- Use the Keyboard sound On and Off options to set whether tones are emitted when tapping the Samsung keyboard.
- Navigate to the Keyboard vibration On and Off options to set whether the mobile device vibrates when tapping the Samsung keyboard.
- Refer to the Touch vibration On and Off options to set whether the mobile device vibrates when tapping navigation buttons or touching and holding items on the screen.
Set the following connectivity settings for the setup edition profile and its intended device deployments:
- Default Wi-Fi settings — Set the current device Wi-Fi configuration as the default, or leave the Wi-Fi On or Off.
- Network (optional) — Enter the SSID name and Password for the default Wi-Fi network.
- Advanced Wi-Fi settings — Enter an SSID name and select the Security setting for this network. If applicable, enter a Password. Click Add another if you want to set up multiple Wi-Fi profiles. If necessary, a device can connect to a specified network with Proxy (optional) credentials delivered by Knox Configure using a proxy to communicate externally
- Disable Wi-Fi network blocking - Select this option to disable Wi-Fi network blocking for the defined SSID configuration. Samsung devices have Wi-Fi network blocking enabled by default, and disabling Wi-Fi network blocking may reduce AP connection and battery consumption issues for the specified SSID Wi-Fi configuration. This setting is available on Knox 3.5 and above supported devices, and XCover Pro devices running Knox version 3.4.1 and above.
- Default Bluetooth settings — Use Keep current settings to set the current device Bluetooth state as the default. Use On or Off to enforce a Bluetooth state and override current device Bluetooth settings.
- Default location settings — This setting turns GPS ON, OFF or keeps the current location setting on the device as the default.
- Default NFC settings — Set the current NFC setting as the default or turn NFC On or Off by default.
- Keep current settings, or turn Airplane mode On or Off.
- Turn on mobile data — Turn mobile data ON, OFF, or keep the current setting on the device.
Set the connection type when the user connects the device to a computer via USB:
- Keep current settings
- MTP — Allows the user to copy files between the device and a computer.
- PTP — Picture Transfer Protocol, the computer treats the device as a camera. Allows photo editing programs and other software apps to access photos on the device.
- MIDI — Musical Instrument Digital Interface, a connection type used by electronic musical instruments and computers to communicate with each other.
- CHARGING — Allows the device to charge, but not transmit data.
Additional Device connectivity settings (Knox 3.4 and above devices only)
Select the Advanced Wi-Fi checkbox to display additional NFC beaming options for Knox 3.4 and above supported devices. Options include:
- Refer to the Switch to mobile data On and Off options to use mobile data whenever the current Wi-Fi network is detected as slow or unstable.
- Use the Allow individual apps to switch On and Off options to switch apps to mobile data when a Wi-Fi connection cannot be established.
- Navigate to the Turn on Wi-Fi automatically On and Off options to enable Wi-Fi in locations where Wi-Fi has been used frequently.
- Refer to the Detect suspicious networks On and Off options to receive notifications when suspicious activity is detected on the Wi-Fi network.
- Use the Wi-Fi power save mode On and Off options to reduce battery consumption by analyzing Wi-Fi traffic patterns.
- Navigate to the Hotspot 2.0 On and Off options to connect to Hotspot 2.0 supported access points without a password requirement.
Set the following device settings to define how the end user device displays language, time zone, time updates, USB debugging mode and power save utilization.
- Locale - Select the language and country for the device.
- Time zone - Keep current settings or select the appropriate timezone for devices.
- Automatic Time Update - Set the device to automatically update its time and date information from a network resource.
- Default USB debugging mode - Define whether USB debugging is On or Off for this specific profile.
- Keyboard - Select the Customize keyboard option to enable the Predictive mode option. Once enabled, the predictive mode and keyboard settings options function independent from one another, so there are no constraints on using these options together.
- Predictive mode - Turn predictive mode On or Off as needed. Predictive mode attempts to complete a word on behalf of the user based on the initial characters entered when forming a word. This setting is only available on devices running Knox version 2.7.1 and above.
- Add keyboards - Add up to 5 third party keyboard on devices managed by Knox Configure using the Add keyboards setting. The appropriate keyboard application must also be installed on the device to be added successfully using Knox Configure.
- Disable OMC mode - Prevent the device from being customized by a source other than Knox Configure (i.e. Open Market Customization).
- Power on the device when connected to a power source - Set devices to automatically power on when connected to a power source.
- Power off the device when disconnected from a power source - Select this option to automatically power off a device when disconnected from its power source.
- Extend battery life by limiting the maximum charge when connected to a power source - Select this option to provide a maximum charge setting of 85% to avoid issues with keeping a tablet on its charger too long. When selected, a tablet device will stop charging once it reaches 85% of total available charge.
Refer to this portion of the Device settings profile configuration screen to remap hardware keys to launch a specified application, using either a long or short press action. Additionally, customizable hot key remapping combinations are also supported. For instance, launch one app with a short press action and another app with a long press action. When needed, select an available template for hot key mapping based on the intended key mapping configuration.
To remap hardware keys:
- Refer to the Remap hardware keys (XCover Pro and Tab Active Pro only) portion of the screen and select the ADD CONFIGURATION button.
- Use the Key mapping template drop-down menu to either select Microsoft Teams, to use template with preconfigured settings, or Custom to create a unique custom key mapping configuration. The Microsoft Teams template provides a single click option to enable walkie talkie functionality with Microsoft Teams for XCover Pro and Tab Active Pro devices.
Set the following custom key mapping configuration:
- Key name — Specify whether the device's XCover key or Top key will launch the specified application using either a short or long button press.
- Key press type — Select whether a Short press or Long press hardware key press launches the selected application.
- Action type — Select either Launch application or Launch and exit as the action resulting from the specified short or long Key press type.
- Application package name — Correctly provide the package name launched by the selected XCover Pro or Tab Active Pro key and the selected key press type and action.
- Select DONE to save this particular key mapping configuration and optionally repeat this process to define additional key mapping configurations.
- When completed, review the configurations customized for specific key mapping templates, keys, key press types, actions, and applicable packages.
Side key remapping
You can remap the side key to custom functionality for Knox 3.7 and above. The options available for this custom remapping are as follows:
- Double-press of the side key - You can choose to allow or restrict the device user from double-pressing the appropriate key. You can turn this setting on or off.
- Turn on or off
- Quick launch camera
- Open Bixby
- Open specific app
- Press and hold of the side key
- Wake Bixby
- Power off menu
- Allow user to customize - You can choose one of three settings:
- Allow the device user to customize the action
- Do not allow the device user to customize the action
- Do not allow the device user to customize the action as well as hide the setting from the user
How do I remap the side key on devices?
- In the KC console, navigate to Profiles, and select the profile you want to modify.
- Once the profile configuration dashboard appears, click on Device Settings.
- Click the Edit button on the top right-hand side.
- Scroll down, and select the Bixby Key option in order to expand settings options.
- From there, you can set configurations such as the double-press of the side key or press and hold of the side key.
Language and input
Select the Language and input checkbox to display additional keyboard utilization settings for Knox 3.4 and above supported devices.
Refer to the Show keyboard button options to display a keyboard button on the device navigation bar for an easier switch between mobile device keyboard resources. Once set, refer to the Allow user to change setting option to either Allow device user keyboard changes, Do not allow user changes or Do not allow and hide setting from user.
Select the Text-to-speech checkbox to display speech engine, pitch, and speech rate settings for Knox 3.4 and above supported devices.
- Refer to the Preferred engine drop-down menu to specify whether the Samsung text-to-speech Engine or Google Text-to-speech Engine is utilized as the speech recognition engine for text-to-speech conversion.
- Use the Pitch slider to set the text-to-speech pitch rate in the range of 25-400.
- Use the Speech rate slider to define the text-to-speech rate conversion used by the speech recognition engine. The setting is defined in the range of 10-600.
Enable or disable the following security restrictions as needed for this specific profile and its intended device support:
- ALL - All of the Security restrictions are applied.
- Disable Software Updates (Firmware updates via Wi-Fi and Mobile networks) - You can set a FOTA block for devices so that even if the device user tries to manually update the device’s firmware, it is blocked on the device. Only after the new device is enrolled in Knox Configure, KC will decide to permit the appropriate FOTA update to the device or not based on FOTA block option. If you set the FOTA block as on, then KC will block FOTA updates. If not, KC won’t block it and the end user can select whether to accept the FOTA update or not. This restriction negates the chances of an OS mismatch on the device and ensures that all partner apps remain functional. Additionally, for devices running Knox 3.4 or higher and the Samsung T295 device, you can prevent the device user from updating the firmware of the device in download mode.
- Disable Multiple user mode - On supported devices, prevent more than one user account from being created.
- Disable Safe mode - Safe mode prevents the device from running third-party apps. Select this option to prevent users from enabling Safe mode.
Security settings (Knox 3.4 and above devices only)
Select the Location checkbox to display additional Wi-Fi and Bluetooth scanning settings for Knox 3.4 and above supported devices. Once these options are set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.
- Wi-Fi scanning - Enable this setting to let applications use Wi-Fi for more efficient location detection, even when Wi-Fi is turned off.
- Bluetooth scanning - Enable this setting to let applications use Bluetooth for more efficient location detection, even when Bluetooth is turned off.
Other security settings
Select the Other security settings checkbox to display password visibility settings for Knox 3.4 and above supported devices. Select On to make password characters briefly visible as they are typed and hides them shortly thereafter. Selecting Off disables the feature. Once set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.
An Access Point Name (APN) is the gateway between a carrier providing 2G, 3G, or 4G mobile network service and the mobile device. Devices must be configured with the correct APN information to establish data connectivity. Only a single APN resource is available at one time, though an identical APN configuration with the same parameters can be defined.
If adding or editing an APN resource, provide the following configuration details:
Set as preferred APN - Select this option to make this APN the preferred Access Point resource supporting your device. This option is disabled by default.
- APN (Access Point Name)
- MCC (Mobile Country Code)
- MNC (Mobile Network Code)
- Authentication type
- None - No user credential validation exchanges are attempted.
- PAP - The Password Authentication Protocol (PAP) uses a static username and password for authentication purposes.
- CHAP - The Challenge Authentication Protocol (CHAP) creates a unique "challenge phrase" for each authentication attempt instead of using a standard username or password.
- PAP or CHAP
- APN Type
- APN Protocol
- IPv4/IPv6 - Both IPv4 and IPv6 formatted IP addresses are supported for the APN resource.
- APN roaming Protocol - Select whether the device should use an IPv4, IPv6 formatted network or both as a roaming protocol.
- Mobile virtual network operator type - Use the drop-down menu to select the appropriate mobile virtual network operator type (MVNO) allowing an APN configuration to be restricted when using particular MVNOs or subscriber accounts. Without the MVNO setting, custom defined APN configurations are selected according to MCC and MNC only, which specifies the mobile network a mobile device subscribes to, but not the particular retailer or reseller, or account on a network. Drop-down MVNO menu options include None, SPN (Service Provider Name), IMSI (International Mobile Subscriber Identity), or GID (Group Identifier Level 1). When a value other than None is selected, a MVNO value is also required.
- Mobile virtual network operator value - Set the value that either matches service provides name (SPN), the unique subscriber account (IMSI) or global identifier level 1. The MVNO value is not required if the MVNO type is set to None.
- MMS Proxy
- MMS Port
For information on adding DeX support for a profile (both Setup and Dynamic edition profile types), go to: DeX mode support.
Devices supporting Knox version 3.4 and above have an additional set of advanced features configurable for a Setup edition profile. Each can be separately enabled.
Enable Motions and gestures to display the following additional Advanced features for the Knox 3.4 or above supported profile. Each of the following can be turned On or Off for the profile, and has a separate drop-down menu to either Allow, or Do not allow device user changes or Do not allow and hide setting from user.
- Smart stay - When enabled, the screen remains unlocked as long as the device camera can detect your eyes looking at the screen. When you put the phone down or look away, the device will turn off based on the screen's current timeout settings.
- Smart alert - When enabled, smart alert informs the device user of missed calls and text messages by vibrating the phone when its picked up.
- Easy mute - When enabled, easy mute allows you to mute incoming calls and alarms by placing your hand on the screen. On Galaxy S8, S8+, S7 and S7 edge platforms you cam also mute calls and alarms by placing the phone face down on a flat surface.
- Palm swipe to capture - When enabled, this feature allows you swipe your hand across the device screen to capture the current device display. Once captured, the image resides in the screenshots album/folder in the gallery.
- Swipe to call or send messages - When enabled, this feature allows you to call or send messages by swiping your finger across a contact's information in the phone or address book.
On the left, review the settings that you've configured for each category. Click on the General information and Additional EULA tabs to see the information entered. If you need to make any changes, click BACK. When you have verified the settings are correct, select SUBMIT. Select the DOWNLOAD PROFILE SUMMARY AS A PDF option to archive the profile summary settings in PDF for potential re-use in creating profiles for other accounts.