Configure the keepalive settings

You can configure the keepalive settings to check the connection between the Knox Manage server and the device. The Knox Manage server checks the connection between the server and the device at the set interval.

The keepalive option helps IT admins to figure out what devices are not connected to the Knox Manage console (for any reason) by trying to establish a connection to the device. If the device is not answering for longer than a set period of time, its status changes to Disconnected. Once the device connects to the Internet again, the Knox Manage agent checks its status, and the Device Status changes to Enrolled.

Keepalive notification emails

When using a keepalive configuration, you can choose to send a one-time email digest when some of your fleet’s devices will expire soon.

Here’s an example of the email digest:

Add a keepalive configuration

You can define multiple keepalive configurations at once. Click to add a configuration.

You can add or edit up to 20 configurations when you save the settings.

To configure the keepalive settings, complete the following steps:

1. Navigate to Setting > Configuration > keepalive.

2. Turn on Keepalive to enable the configurations.

3. Select a target type between Global Setting and Set by Group/Organization.

   • Global Setting — Applies the keepalive settings to all policies.
   • Set by Group or Organization — Applies the keepalive settings to selected groups or organizations.

4. Configure the keepalive settings:

   • Keepalive Expiration (days) — Select a period between 3 and 365 days. If there is no communication between the Knox Manage server and a device for the set period, it attempts to re-establish a connection directly. If the device still fails to establish communication, then its status changes to Disconnected.

   • Lock Device or Work Profile Upon Expiration — If this option is set to Yes, then when the device’s keepalive expiration interval — set using a combination of days and hours — elapses without a connection from the device, the device is automatically locked. The device user has to manually unlock the device using the unlock passcode. The IT admin can find this unlock passcode on the Knox Manage console, on the Device Details page > Security tab > Lock device field > unlock passcode.

     

     

     Devices enrolled as Android legacy with Knox Workspace do not support this lock device feature.

   • Lock Device Message — Enter a message to display on the device’s locked screen. This feature is supported for fully-managed Android devices only.

     If not specified, the following default message is displayed to the device user – The device has been locked by Knox Manage because communication between the device and the server was disconnected for a certain period of time.

     Select a cycle to check the connection status by checking the last time the device and the server communicated.

   • Keepalive Interval (hours) — Select a cycle to check the connection status by checking the last time the device and the server communicated.

   • Group or Organization — Click Select and select user groups or organizations to apply the keepalive settings.

5. (Optional) Configure automatic keepalive notification emails:

   • Turn on Email for Disconnected Devices.
   • For When to Send Emails (Days before Disconnection), specify when to send the digest. You can schedule the email to be sent on any day leading up to the keepalive duration, minus one. For example, if the keepalive duration is set to 7 days, then the earliest the email could be sent is 6 days before expiration.
   • Click Select to add one or more admins in your tenant as email recipients.
   • If you need to send emails to recipients who aren’t attached to accounts in your tenant, click Add and enter their addresses.

6. Click Save.