How to deploy Knox E-FOTA on Microsoft Intune

Last updated August 14th, 2025

Categories:

Environment

  • Microsoft Intune
  • Knox E-FOTA
  • Knox Service Plugin (OEMConfig)

Overview

This article guides you through how to deploy Knox E-FOTA without user interaction on Microsoft Intune. Knox E-FOTA works with Microsoft Intune’s corporate-owned enrollment types, including:

  • Corporate-owned dedicated devices
  • Corporate-owned fully managed devices
  • Corporate-owned devices with work profile

Prerequisites

Before deploying Knox E-FOTA on your Intune corporate-owned devices, ensure you complete the following:

  1. Obtain a Knox Suite license.
  2. Upload your devices to Knox E-FOTA.
  3. You can skip waiting for the user’s consent during device enrollment by enabling the following setting:
    1. On the Knox Admin Portal, click your account icon and select Settings.
    2. Under KNOX E-FOTA on the Settings page, click PRIVACY POLICY SETTINGS.
    3. Select Skip Knox E-FOTA Terms & Conditions and Privacy Policy and click SAVE.

Assign the required Knox E-FOTA apps to your group

  1. Sign in to your Microsoft Intune admin center.
  2. Navigate to Apps > Android > Create > Managed Google Play app.
  3. Add the following apps from the Managed Google Play store to your group:
    • Knox E-FOTA
    • Knox E-FOTA: Legacy OneUI Core
    • Knox Service Plugin
  4. Navigate to Apps > Android > Create > Android Enterprise system app.
  5. Add the following Android Enterprise system apps to your group:
    • Name: Knox E-FOTA Plugin
      • Publisher: Samsung Electronics Co., Ltd.
      • Package name: com.samsung.android.knox.efota.plugin
    • Name: Knox Container Core
      • Publisher: Samsung Electronics Co., Ltd.
      • Package name: com.samsung.android.knox.containercore

Set up Knox Service Plugin in Microsoft Intune

Using an existing or new Knox Service Plugin OEMConfig profile, you can configure the following OEMConfig policies to auto-launch Knox E-FOTA for your group:

  1. Sign in to your Microsoft Intune admin center.
  2. Navigate to Devices > Android > Configuration > Create > New Policy.
  3. Set the following policy fields and then click Create:
    • Platform > Android Enterprise.
    • Profile type > OEMConfig from the provided profile templates.
  4. In the Basics tab, enter a OEMConfig name, select Knox Service Plugin as the OEMConfig app, and click Next.
  5. In the Configuration settings tab, navigate to Device-wide policies (Selectively applicable to Fully Manage Device (DO) or Work Profile-on company owned devices (WP-C) mode as noted) and click Configure.
  6. Set Enable device policy controls to true.
  7. Go to Firmware update (FOTA) policy and click Configure.
  8. Set Enable firmware controls to true.
  9. Set Enable E-FOTA client installation & launch to true and click Next.
  10. In the Assignments tab, select the groups you wish to assign the profile to, and click Next.
  11. In the Review + create tab, confirm the Summary has the correct policies.

    Profile summary in Microsoft Intune

  12. Click Create.

Is this page helpful?