Back to top

Configure the keepalive settings

Last updated July 26th, 2023

You can configure the keepalive settings to check the connection between the Knox Manage server and the device. The Knox Manage server checks the connection between the server and the device at the set interval.

The keepalive option helps IT admins to figure out what devices are not connected to the Knox Manage console (for any reason) by trying to establish a connection to the device. If the device is not answering for longer than a set period of time, its status changes to Disconnected. Once the device connects to the Internet again, the Knox Manage agent checks its status, and the Device Status changes to Enrolled.


The Keepalive feature is not supported for the following:

  • Staging devices assigned only to groups.
  • Shared iPads.

Keepalive notification emails

When using a keepalive configuration, you can choose to send a one-time email digest when some of your fleet’s devices will expire soon.

Here’s an example of the email digest:

An example keepalive email digest.

Add a keepalive configuration

You can define multiple keepalive configurations at once. Click add to add a configuration.

You can add or edit up to 20 configurations when you save the settings.


If a device does not communicate with Knox Manage services for longer then set period of time, its status changes to Disconnected. After the communication is established again, the status changes back to Enrolled. This option is needed to highlight the devices that are not communicating with Knox Manage, so that they are not automatically unenrolled from Knox Manage.

To configure the keepalive settings, complete the following steps:

  1. Navigate to Setting > Configuration > keepalive.

  2. Turn on Keepalive to enable the configurations.

  3. Select a target type between Global Setting and Set by Group/Organization.

    • Global Setting — Applies the keepalive settings to all policies.
    • Set by Group or Organization — Applies the keepalive settings to selected groups or organizations.
  4. Configure the keepalive settings:

    • Keepalive Expiration (days) — Select a period between 3 and 365 days. If there is no communication between the Knox Manage server and a device for the set period, it attempts to re-establish a connection directly. If the device still fails to establish communication, then its status changes to Disconnected.

    • Lock Device or Work Profile Upon Expiration — If this option is set to Yes, then when the device’s keepalive expiration interval — set using a combination of days and hours — elapses without a connection from the device, the device is automatically locked. The device user has to manually unlock the device using the unlock passcode. The IT admin can find this unlock passcode on the Knox Manage console, on the Device Details page > Security tab > Lock device field > unlock passcode.

      The Keepalive page with the Lock Device Upon Expiration setting turned on.

      Two different lock screens, side by side. The screen on the left appears on Android Enterprise and non-Samsung devices on the Android Legacy platform, and the screen belongs to the Knox Manage agent. The screen on the left appears on Samsung devices on the Android Legacy platform, and the screen is the native lock screen.


      Devices enrolled as Android legacy with Knox Workspace do not support this lock device feature.

    • Keepalive Interval (hours) — Select a cycle to check the connection status by checking the last time the device and the server communicated.

    • Group or Organization — Click Select and select user groups or organizations to apply the keepalive settings.

  5. (Optional) Configure automatic keepalive notification emails:

    • Turn on Email for Disconnected Devices.
    • For When to Send Emails (Days before Disconnection), specify when to send the digest. You can schedule the email to be sent on any day leading up to the keepalive duration, minus one. For example, if the keepalive duration is set to 7 days, then the earliest the email could be sent is 6 days before expiration.
    • Click Select to add one or more admins in your tenant as email recipients.
    • If you need to send emails to recipients who aren’t attached to accounts in your tenant, click Add and enter their addresses.
  6. Click Save.

Is this page helpful?