- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Introduction
- Accept or reject devices
- Upload devices
- Delete devices
- Complete payment
- Send payment overdue notification
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
The available commands for a device vary based on its management mode. For Fully Managed with Work Profile devices, you can select either the whole device or just the Work Profile as the recipient of the command.
Device
| Device command | Description |
|---|---|
| Apply Latest Profiles | Pushes and applies the latest profile and app information to the device. |
| Enable EAS (Samsung Email App Only) | Allows using Exchange ActiveSync for Samsung Email app. |
| Disable EAS (Samsung Email App Only) | Disallows using Exchange ActiveSync for Samsung Email app. |
| Lock Device |
Locks the device. You can enter a reason for locking the device and a phone number to contact when the device is lost. The information you provide when sending a lock device command shows on the screen of the locked device. The following characters aren't supported in the lock screen message: \, ", [, and ]. NOTE — For non-Samsung Android devices, this policy is only supported on Android 8 and lower.
|
| Unlock Device |
Unlocks the device. NOTE — For non-Samsung Android devices, this command is only supported on Android 8 and lower.
|
| Lock Screen | Locks the device screen. If the device's screen is password-locked, then the user needs to enter the password to access the device again. |
| Lock SIM PIN |
Places a lock on the SIM card's PIN to prevent the use of the SIM card on another device. To lock a SIM PIN, enter the current SIM PIN and then enter a new PIN. If the locked SIM card is registered to another device, the device is locked and the user must enter the new PIN to unlock it. |
| Unlock SIM PIN |
Removes the lock placed on a SIM card's PIN. To unlock a SIM PIN, enter the current PIN that was applied through Knox Manage, and then enter the initial (default) SIM PIN. You can find the current PIN on the Device Detail page > Network tab > SIM PIN applied by KM. |
| Factory Reset |
Performs factory reset and changes the device status to Unenrolled. Initialize SD Card when factory reset — Click the check box to initialize the SD card during a factory reset. Deactivate Factory Reset Protection — This option is only available when the profile is applied with the Factory Reset Protection policy or when you send the command to multiple devices. Click the check box to perform a factory reset without the Factory Reset Protection policy. |
| Power Off Device |
Turns off the device. NOTE — Only Samsung Galaxy devices support this command, except devices running Android 10 and higher.
|
| Reboot Device | Reboots the device. |
| Reset Screen Password |
Resets the lock on the device. For devices running Android 8 and higher, the user must set a new lock before they can continue operating the device. For devices running Android 7.1.2 and lower, a temporary password is set on the device. After resetting the lock, you must deliver the temporary password to the device user, after which they can set a new personalized lock. For full details about this temporary password process, see How to reset the lock on a device. CAUTION — The device user can skip setting a new lock and continue using the temporary password indefinitely, which is a potential security risk. If possible, encourage them to set a new password.
This command fails to take effect if all of the following is true about the device:
|
| Reset SD Card |
Initializes the external SD card of the device. NOTE — For devices whose External SD Card policy is set to Disallowed in the profile, you cannot reset the SD card using the device command, because the policy takes a higher priority than the device command.
|
| Reset Data Usage |
Resets data usage among the Android device's inventory information.
NOTE — Only Samsung Galaxy devices support this command, except devices running Android 10.
|
| Reset Number of Calls | Resets the number of calls and number of missed calls from the Android device's inventory information. |
| Delete a CA Certificate | Deletes certificates installed by Knox Manage. You can select a certificate to delete. |
| Delete a User Certificate | Deletes certificates installed by the administrator. You can select a certificate to delete. |
| Delete a User Install Certificate | Deletes all the certificates installed by the administrator. |
Application
| Device command | Description |
|---|---|
| Install or Update App |
Installs or updates an app on the device. If the device user has uninstalled the app, then the app can't be re-installed by this command. On the Request Command page, select an app to be installed or updated. NOTE — The app installation allowlist and blocklist policy take precedence over this command. If an app is blocked, then this command can't install it.
|
| Run App |
Runs an app on the device. IMPORTANT — The app installation allowlist and blocklist policy take precedence over this command. If an app is explicitly allowed, then this command can't uninstall it.
|
| Uninstall App |
Deletes an app from the device. IMPORTANT — The app installation allowlist and blocklist policy take precedence over this command. If an app is explicitly allowed, then this command can't uninstall it.
|
| Apply Latest internal App Information | Sends the latest internal app information and updates the device according to the information. |
| Delete App Data | Delete an app's data from the device. |
Knox Manage
| Device command | Description |
|---|---|
| Push Notification |
Sends an emergency message to the device. The message icon shows on the status bar of the device. You can set a push notification message of up to 80 characters. On the Push Notification page, enter the title and content of the message. You can also select between Notification and Pop up for the send type. NOTE —
|
| Unenroll Device | Unenrolls a selected device on the device list. |
| Update License | Updates the license of a selected device on the device list. |
| Update Knox Manage |
Updates the Knox Manage agent on the device for a new patch or version. The agent information registered in the KM server is sent to the device, which then selects the appropriate agent to request installation files from the server. |
| Update User Information |
Updates the device user information, such as the user activation status/username/user settings (Knox Browser website URL information, bookmark information) and license information. If the user is logged out from the enrolled device, you can send this device command to enable the user to log in to Knox Manage automatically. |
| Lock Screen of Knox Manage agent |
Locks the Knox Manage agent. When the agent is locked, the device user must enter the agent's password that was configured during enrollment. If the user forgets the password, you can send the Delete Account command to sign the user out. Then, they can reset the password upon sign in. |
| Unlock Knox Manage agent | Unlocks the Knox Manage agent. |
| Delete Account | Deletes the account registered in the Knox Manage agent. |
| Exit Kiosk | Exits the Kiosk mode without unenrollment. You can find the status of the Kiosk mode on the Device Detail page > Security tab. |
| Convert License | Convert the device's Knox Manage license to a Knox Suite license. |
| Collect Audit Log | Collects the Knox Manage audit logs of the device. When the log size exceeds the maximum size, logs are automatically sent to the server, but the log file may be lost. For more detailed information, see View the audit list. |
| Collect Device Log | Collects the logs of devices. |
| Collect Diagnosis Information |
Collects the device log to diagnose the cause of device lock. NOTE — Personally identifiable or sensitive information is data masked.
|
| Collect Bug Report |
Collect the device's bug report, also known as dumpstate logs. The device user is then prompted to send the report, and they can choose whether to send it. You can view the bug report by selecting the device and viewing its device log. Alternatively, you can go to History > Device Log and select the relevant device. |
| Reset Push Token |
Creates and registers a new Firebase Cloud Messaging (FCM) token for the KM agent on the device. Use this command in scenarios where the device can't receive push notifications, which typically occurs when the token changed on the KM server and the device was unable to sync it. |
Register Managed Google Play Account |
Assigns the Managed Google Play Account associated with your tenant to the device. Use this command if the Managed Google Play Account wasn't registered on the device during enrollment. |
| Play Alarm Sound | Sounds an alarm on the device until the device user takes action. On non-kiosk devices, the alarm is accompanied by a push notification from the KM agent, and on kiosk devices it is accompanied by a pop-up. The alarm sounds regardless of the device's mute and vibration settings. |
Device Info.
| Device command | Description |
|---|---|
| Collect current location |
Shows the current location of the device. |
| Sync Device Information |
Updates the inventory and app information on the device. |
| Sync Installed App List |
Pulls the device's app list. |
| Authenticate SIM Card | Authenticates the SIM card on the device. |
| Authenticate SD Card | Authenticates the external SD card on the device. |
| Attestation | Checks if the device's OS has been compromised. The result of the check can be found in the device details. |
| SafetyNet Attestation | Initiates a SafetyNet Attestation check, which evaluates the integrity of the hardware and software of the device. The specifics of the evaluation depend on the device's Android version. The result of the evaluation can be found in the device details. |
