*BASICS*
The Knox Ecosystem
White Paper
- Introduction
  - The Samsung Knox Platform
  - Feature Summary
- Core Platform Security
- Network Security
  - Virtual Private Networks
  - Network Platform Analytics
- Certificate Management
- Device Management
- User Authentication
  - Biometric Authentication
- App and Data Protection
- Appendix
Samsung Knox Portal
Knox Cloud Services
- Sign in with SSO
General Knox Support
Knox Licenses
*FOR IT ADMINS*
Knox Admin Portal
- About
- Introduction
  - Select Knox services
- Release notes
Knox Suite
- Introduction
- How-to videos
- Get started
- Learn more about Knox Suite
- Enterprise Edition devices
- FAQs
- KBAs
Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
  - Before you begin
- Get started with UEMs
- Knox Service Plugin
- Release notes
- Migrate to Android 11
  - Device management modes
  - Prepare Knox for Android 11
- FAQs
- Troubleshoot
  - Get device logs
- KBAs
Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Release notes
- FAQs
- Troubleshoot
  - Get support
- KBAs
- On-Premise
Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- End users: Get started
  - Getting started with Knox Capture
- Features
- Release notes
- FAQs
- Troubleshoot
Knox Asset Intelligence
- Introduction
- How-to videos
- Get started
- Set up reported device data
- Features
- Troubleshoot
  - Device-side errors
  - Portal-side errors
- Release notes
- FAQs
- KBAs
Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
  - Install an app to devices through an EMM
  - EMM compatibility matrix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
  - Knox E-FOTA Advanced
  - Knox E-FOTA on MDM
Samsung Care+ for Business
- Introduction
- Get started
- Submit claim
- Features
- Release notes
- FAQs
*FOR RESELLERS*
Knox Deployment Program
- Introduction
- Get started
  - Get access to the Reseller Portal
  - Buy from a reseller
- Features
- Release notes
- FAQs
- KBAs
*FOR MANAGED SERVICE PROVIDERS*
Knox MSP Program
- Introduction
- How-to video
- Get started
  - Firewall exceptions
  - Before you begin
- Features
- Release notes
- FAQs
- KBAs
- Glossary

iOS

The available device commands vary depending on device manage type.

Device

Device command	Description
Apply Latest Profiles	Sends the latest profile and application information to the device and controls the device with the profile and information.
Lock Device	Blocks some functions of the device without locking the device.
Unlock Device	Unlocks a device.
Factory Reset	Performs factory reset and changes the device status to Unenrolled.
Power Off Device (Supervised)	Turns off the device.
Reboot Device (Supervised)	Restarts the device.
Reset Screen Password	Resets the device’s screen lock password.
Initialize Blocked Information (Supervised)	Initializes the block settings of the device. NOTE—Only iOS Supervised devices are supported.
OS Update (Supervised)	IT admins can force iOS devices enrolled under the supervised mode to the latest OS version. The following options are available: Download or install NOTE—Download or install doesn't happen continuously. If the update file is already downloaded on the device, then only the install command is carried out. If the update file is not downloaded to the device, deploying this command downloads the file. To install the OS update, deploy the Download and install or Install only option. Download only Install only
Enable/Disable Lost Mode (Supervised).	IT admins can now remotely enable Lost Mode on devices that are lost or stolen. When sending this device command, IT admins can specify the following information: NOTE—Devices with Lost Mode enabled cannot be unenrolled from KM. IT Admins must disable Lost Mode to allow the device user to use the device again. Information shown on the device—IT admins can add information that shows on the device, including a message with instructions on what to do when such a device is found, contact information, and a footer with additional information. Collect location data—Check this box to collect location information about lost or stolen devices, even when location permissions are turned off.

Application

Device command	Description
Install	Installs applications on a device. On the Request Command screen, select the application that you want to install. NOTE—The Application installation blocklist or allowlist policies take a higher priority than device commands.
Uninstall App	Deletes applications from a device. On the Request Command screen, select the application you want to uninstall. NOTE—The Application uninstallation prevention list setting policy takes a higher priority than device commands.
Apply Latest internal App Information	Sends the latest internal application information and updates the device according to the information.

Knox Manage

Device command	Description
Push Notification	Sends an emergency message to the device. You can add a push notification message of up to 80 characters. The message icon shows on the status bar of the device. When prompted on the Push Notification screen, enter the title and content of the message.
Unenroll Device	Unenrolls a selected device on the device list.
Update User Information	Updates the device user information such as the user activation status, username, user settings—such as Secure Browser website URL information and bookmark information—as well as license information. If the user is logged out from the enrolled device, you can send this device command to enable the user to log in to Knox Manage automatically.
Lock Screen of Knox Manage agent	Locks the Knox Manage agent. When the application is locked, the users have to enter the screen lock password that was configured during installation. If a user forgets the password of Knox Manage agent screen lock, you can send the Delete Account command to log the user out from the Knox Manage agent. Then, the user can set the password again upon login.
Unlock Knox Manage agent	Unlocks the Knox Manage agent.
Delete Account	Deletes the account registered in the Knox Manage agent.
Collect Audit Log	Collects the Knox Manage audit logs of the device. When the log size exceeds the maximum size, logs are automatically sent to the server, but the log file may be lost. For more detailed information, see Viewing audits.
Collect Device Log	Collects the logs of devices.
Collect Diagnosis Information	Collects a device log to diagnose the cause of device lock. NOTE—Personally identifiable or sensitive information is data masked.
Sync App Auto-removal Property (When service is deactivated)	If the value of Delete app during Unenrollment process has changed in the server configuration, this option syncs the application auto-deletion property when managed applications are deactivated.

Device Info.

Device command	Description
Collect current location	Shows the current location of the device. To view the location of a device after sending a device command, navigate to Device, click the check box for the device, and then click Check Location. Each time the IT admins sends the device command to collect current location, the user must consent to collecting device location data. Alternatively, the device user can provide consent to collect location data as a background process. Before IT admins can collect location data for iOS devices as a background process, the following prerequisites must be met: KM admin portal setting—IT admins must allow the collection of location data from the KM Admin Portal > left navigation menu > Setting > Configuration > Knox Manage Agent Policy > Allow Collecting Location Data > set to Allow. User acceptance—When the device user is prompted on the device to allow collection of location data by the KM agent, the device user must select Always Allow. After these prerequisites are met, the device’s location data is now collected whenever the device moves 500 m or more. Location history for iOS devices is stored for 30 days from the last collection date. The check location device command is activated in case of devices where device location data is collected. IT admins can view this information from the KM Admin Portal > left navigation menu > Device > iOS Device Command screen > click Check Location > Check Location screen.
Sync Device Information	Updates the inventory and application information on the device. To view the updated information after sending the device command, navigate to Device, click a device name or tag, and view the information on the Device Detail page. NOTE—For iOS devices, only the hardware status is updated.
Sync Installed App List	Updates the information of installed applications. For iOS devices, you can also request to delete application feedback when sending the device command. To view the list of installed applications after sending a device command, navigate to Device, click a device name or tag, and click the Application tab.
Check Connection Status	Checks the service connection status of the device. To check the status of the device after sending the device command, navigate to Device, click a device name or tag, click the Security tab, and view the connection status below the device name. For information on the different connection statuses, see Device connection statuses.
Collect Profile ID	Collects the ID of the profile applied to the device. If the device was enrolled, then the ID is automatically collected from the device’s inventory information without sending the device command.