Menu

Automatic deployment (Android only)

If you configured device settings for a profile, then the settings can be applied automatically on the device without user action. If two or more values have been configured for the same category on a device, then the user must select a category and apply the settings manually, except for Wi-Fi settings. However, the bookmark settings cannot be applied automatically if the Installation area field is set to Shortcut.

Refer to the following table for an example:

Category

Value

Application type

Wi-Fi

A

Auto application

B

VPN

C

Exchange

D

Manual application

F

Device settings can be applied automatically once Knox Manage is activated and the policies are applied. After the application is complete, you can see the results in a notification message.

Preparations

To apply configurations automatically, do the following:

  • When using certificates and VPN settings in the Wi-Fi 802.1xEAP framework, install Credential Storage (CS) so that trusted certificates can be stored in advance. CS installation means locking the screen using an option more secure than a password.
  • For the Knox VPN setting, install the Vendor Client in advance.
  • For the Email and Exchange settings, install the Samsung Email application and agree to receive notifications from the Email application (Galaxy S8 or higher).
  • For the Knox workspace, install the VPN Vendor Client in the general area.

Restrictions

In the following cases, manual intervention is still required even configurations are applied automatically.

  • A Wi-Fi connection needs to be established in the device settings since devices cannot connect to a Wi-Fi AP automatically.
  • To connect a tunnel after installing a VPN or Knox VPN, it must be enabled manually.
  • If the user deletes the auto-applied configuration, the deleted configuration is automatically reapplied when the device is manually rebooted or restarted.

Categories of auto application

Configurations applied automatically can be categorized into Cases A, B, and C:

Category

Description

Application order

Case A

Settings that can be applied and updated immediately after Knox Manage is activated and policies are applied.

  • Application and updates can be performed automatically in the Knox Workspace area once it is created and policies are applied.
  • The Email and Exchange settings require installation of the Samsung Email application.
  • For Wi-Fi 802.1xEAP, select PEAP in the EAP Methods, which is an authentication protocol, to prevent the usage of certificates. The user does not need to select a screen lock type and add it when auto-installing Wi-Fi settings, because this doesn’t require installation of Credential Storage (CS).
  • Auto application of the Bookmark settings is supported on devices running Android 6.0 (Marshmallow) or Android 7.0 (Nougat), and only when the Installation area field is set to Bookmark. However, the Bookmark settings cannot be applied automatically on Android Enterprise devices.

APN > Bookmark > Wi-Fi > Exchange > Email

Case B

Settings that can be applied or updated once a screen lock password is set and additional applications or certifications are installed.

  • If no screen lock password has been set, configurations will not be applied automatically and a notification message for setting the screen lock password will appear instead. Tap Set password on the notification message to open the settings screen of the device.

Wi-Fi > VPN > Knox VPN

Case C

Settings that must be applied manually by the user from Knox Manage.

 

NOTE— If you set up Exchange with a certificate, it will be categorized as Case B because it requires certificate installation.

For more information, see the table below:

Settings category

Android enrollment type

Knox Workspace

Type

CS installation required

Additional application installation required

Automation category

Wi-Fi

Fully managed/Legacy

G

None

X

X

Case A

WEP

X

X

Case A

WPA/WPA2-PSK

X

X

Case A

802.1xEAP

X

X

Case A (When a certificate is not in use)

Legacy

O

X

Case B

Exchange ActiveSync

Legacy

G/K

N/A

X

O

Case A

Case B (When a certificate is in use)

Email

Legacy

G/K

N/A

X

O

Case A

Certificate

Legacy

G

N/A

O

X

Case B

APN

Legacy

G

N/A

X

X

Case A

Bookmark

Fully managed

G

N/A

X

X

Case C

Legacy

G/K

N/A

X

X

Case A

VPN

Legacy

G

PPTP

O

X

Case B

G

P2TP/IPSec PSK

O

X

Case B

G

P2TP/IPSec RSA

O

X

Case B

G

IPSec Xauth PSK

O

X

Case B

G

IPS ec Xauth RSA

O

X

Case B

G

IPSe c Hybrid RSA

O

X

Case B

Knox VPN

Legacy

G/K

Cisco

X

O

Case C

G/K

Strongswan

O

O

Case C

K

F5

X

O

Case B

K

Juniper

X

O

Case B

(When a certificate is not in use, auto application is not supported.)

K

NCP engineering GmbH

X

O

Case B

K

Mocana

X

O

Case C

SSO

Legacy

G/K

N/A

X

O

Case C