About Knox Guard's SIM Control policy

Overview

This knowledge base article provides a general overview of Knox Guard’s SIM Control policy, and answers some commonly-asked questions about the feature.

---

What is Knox Guard and its SIM Control policy?

Knox Guard is a cloud-based service that allows carriers/financial institutions to remotely control and lock Samsung devices to reduce financial risks while running installment plans.

From Android 9, the Knox Guard solution also supports a remote SIM Control policy, which allows organizations (e.g. carriers or financial institutions) to restrict certain features on Samsung devices, including locking and unlocking them, using SIM Card attributes.

This feature is especially important for operators and Mobile Virtual Network Operators (MVNOs), as the cost of their devices can be subsidized while ensuring that end users cannot use other carrier SIM cards with them.

How does Knox Guard’s SIM Control policy work?

Using Knox Guard, you can configure the SIM Control policy based on the SIM card information below:

• Mobile Country Code (MCC): Identifies the country that the mobile subscriber resides in.

• Mobile Network Code (MNC): Identifies the mobile network operator. To uniquely identify a mobile subscriber’s network, the MCC is combined with a Mobile Network Code (MNC).

• Group Identifier Level 1 (GID1): Identifies a particular SIM and handset association, which can be used to classify a group of SIMs involved in a particular application.

If the device has a SIM card that matches the MCC and MNC codes listed in Knox Guard, it can be used without restrictions.

If your device’s SIM card has MCC and MNC codes that do not match the configured codes, Knox Guard either applies restrictions or locks the device. Using Knox Guard, you can apply the following SIM card-based restrictions to the devices you are managing:

• Lock Device

• Restrict Voice Calls

• Restrict SMS/MMS/RCS

• Restrict SIM data usage

NOTE—The number of MCC/MNC codes you can list is 50.

NOTE—For dual SIM devices, any configured restrictions only apply to an inserted SIM card that does not match the MCC and MNC codes listed in Knox Guard.

Once you have configured the SIM Control policy, you can enable it by selecting a number of devices. Device selection can either be done manually or in bulk by uploading a CSV file. You may also choose API integration as an option.

What does the SIM Control policy look like in action?

Consider that in Knox Guard, you configured and enabled a SIM Control policy to lock a fleet of devices. Once the policy is applied, Knox Guard locks a device if the end user replaces the original SIM card with one from a different operator. Knox Guard detects the unauthorized SIM card, locks the device and displays the following information to the user:

• A message chosen by the operator

• Contact information (i.e. phone number or e-mail address)

If the user reinserts the original SIM card associated with the authorized operator, the device unlocks. This policy ensures that users can only use the device with authorized SIM cards.

NOTE—If you apply restrictions to other features such as Voice Calls, SMS/MMS/RCS or Data usage, the operator's message is displayed without locking the device.

Can Knox Guard detect when a user changes the SIM Card?

Yes. Knox Guard offers device logs, which allow you to check if the SIM card was changed or replaced.

How can I enable the SIM Control Policy in my Knox Guard console?

Currently, the SIM Control policy is an optional feature of Knox Guard. Please contact your local Samsung Knox Guard administrator to enable it on your account.