Basics
About Knox
Knox licenses
Knox white paper
- Introduction
  - The Samsung Knox Platform
  - Feature Summary
- Core Platform Security
- Network Security
  - Virtual Private Networks
  - Network Platform Analytics
- Certificate Management
- Device Management
- User Authentication
  - Biometric Authentication
- App and Data Protection
- Appendix
Sign up for Samsung Knox
- Samsung Account
- Single sign-on
Latest release notes
General Knox FAQ
General Knox KBAs
Submit a support ticket
User Acceptance Testing
- Introduction
- Get started with UAT
- Report issues
- UAT limitations
- FAQ
- UAT 23.03 release notes
For IT admins
Knox Admin Portal
- Overview
- What's new
- Get started
- How-to guides
- Knox Remote Support
- Release notes
Knox Suite
- Introduction
- How-to videos
- Get started
- Learn more about Knox Suite
- Enterprise Edition devices
- FAQ
- KBAs
Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Knox Service Plugin
- Release notes
- Migrate to Android 11
  - Device management modes
  - Prepare Knox for Android 11
- FAQs
- Troubleshoot
  - Get device logs
- KBAs
Knox Mobile Enrollment
- Introduction
- Get started
  - Before you begin
  - Firewall exceptions
- Features
- Advanced profiles
- Release notes
- FAQ
- Troubleshoot
  - Get support
- KBAs
- On-Premise
Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- End users: Get started
  - Getting started with Knox Capture
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
Knox Asset Intelligence
- Introduction
- Get started
- Set up reported device data
- Features
- Troubleshoot
  - Device-side errors
  - Portal-side errors
- Real-time location service
- Release notes
- FAQ
- KBAs
Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
  - Install an app to devices through an EMM
  - EMM compatibility matrix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
  - Knox E-FOTA Advanced
  - Knox E-FOTA on MDM
Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
Samsung Care+ for Business
- Introduction
- Get started
- Submit claim
- Features
- Release notes
- FAQ
- KBAs
For Knox Partners
Knox Deployment Program
Knox MSP Program

List of environment settings

The environment settings by category are as follows. All options have default values and the values can be modified.

Preferences

Country/Time

Option	Description
Default Country Code	Select the country of the Admin Portal. The country code and the corresponding language are used for user agreements, privacy policy, administrator/user enrollment, and public application enrollment on user devices.
Time Zone	Select the time zone of the Knox Manage server. Based on the time zone, the information in the Admin Portal is displayed, tasks and events scheduled by administrators are performed, and user and device statistics are collected.
Date Format	Set the date format to be applied to all screens that show dates, such as the Last updated field.

Logo

For more information about setting the log, see Setting the logo.

Option	Description
Logo Image	Click Select Image and upload the image file of your company logo. The image must be a GIF, JPG, PNG, or BMP file. The file cannot be larger than 190 x 33 and must be 1 MB or lower. Click Default to use the default image as your company logo.
Header Color	Click the color box and set a color for the header.
Header Font Color	Click the color box and set a color for the header text.
Preview	Preview the company logo.

Authentication/Login

Configure the settings about the login environment and the administrator account.

Option	Description
Two-Factor Authentication	Enable the use of OTP authentication as well as an account ID and password when administrators sign in to the Admin Portal. For OTP authentication, the administrator's mobile phone number or email address is required.
Allow Multi-point Logins	Allow concurrent logins to the Admin Portal.
Action When Admin Login Fails	Select the response of the Knox Manage server when there are successive failed login attempts. Deactivate account until an upper level admin unlocks Disable login for 10 mins No action
Maximum Failed Login Attempts	Enter the maximum number of failed login attempts. When users exceed the maximum, their accounts are locked. You can enter a value from 3 to 10.
Inactivity Limit on Admin Accounts (days)	Enter an inactivity limit for administrator accounts. If sub-administrators or read-only administrators do not sign in for longer than the limit you set, their accounts are locked. To unlock their accounts, they must ask the super administrator. You can enter a value from 10 to 9999.
Maximum Session Timeout (min)	Enter the maximum session time limit for the Admin Portal. If the limit is exceeded, you are signed out automatically. You can enter a value from 1 to 60.

Device

Configure the device management settings.

Option	Description
Update the KM Agent for Android	Specify the method for updating the KM Agent on Android devices. You can choose from the following options: Manual—The device user can manually update the KM Agent on the device. User consent—The KM Agent can be automatically updated on the device, but the device user is shown a prompt asking for their permission to update the KM Agent. The device user can opt out of the update process. Force update—The KM Agent is automatically updated once a day using a background process. The device user cannot opt out of the update process. NOTE—Even if this option is set to Manual or User consent, if the Auto Update Apps on Android Enterprise setting is set to Always auto update, then the Knox Manage agent is automatically updated.
Based on Last Seen (time)	Enter the standard time gap for connection of the device and server. This standard is used for displaying information in the Last Seen column of the device list in the Device menu. If the gap between the current time and the last connected time of a device does not exceed the standard, the Last Seen information of the device is displayed in green. If the gap between the current time and the last connected time of a device exceeds the standard, the Last Seen information of the device is displayed in red. The value is entered in hours.
Limited Enrollment	Enable enrollment of mobile devices using their IMEI or serial numbers.
Limited Enrollment for KME Devices	Enable enrollment of KME devices using their IMEI or serial numbers. Only devices registered through Knox Mobile Enrollment can be enrolled in Knox Manage. Devices cannot be enrolled in Knox Manage through manual registration or the Zero Touch method.
Device Location View Period (days)	Enter the period for saving device location data. You can view the location of devices saved during that time period.
Maximum Number of Active Devices per User	Select the number of devices that can be enrolled per user.
APNs Topic for iOS	When you register an APNs certificate in the Admin Portal, this value is automatically entered. If the value is different from the value in the Current Subject Name field in Setting > iOS > APNs Setting, complete the following steps: Start the command prompt on your PC. Enter `C:/> keytool -v -list -storetype pkcs12 -keystore {APNS certificate filename}.p12 \| find “UID“`. Change the APNs Topic value to the value appearing after `UID=`.
Daily retries for device commands in queue	Select how many notifications you will receive per day to send device commands which are sent but not applied successfully. 0: You receive no notification. 1: You receive a notification at 11 PM local time per tenant. 2: You receive a notification at 10 AM and 10 PM local time per tenant. Unapplied device commands are listed in History > Device Command in Request.
Camera Option from Lock Screen for iOS	Enable the camera feature on iOS devices when the device screen is locked.
User Enrollment for iOS	Enable enrollment of personally-owned Apple devices. For more details about this type of enrollment, see Apple User Enrollment quickstart.
Delete App upon Unenrollment	Enable the applications installed on a device to be deleted when the device is unenrolled. The deletion targets are internal applications for Android devices and all applications installed through Knox Manage for iOS devices.
Delete Content upon Unassignment	For target devices that content sensitive or confidential date that is compromised if the device is unenrolled or unassigned, IT admins can use this option to automatically delete content upon unassignment. Content can be unassigned from a device in the following ways: The device is unenrolled from Knox Manage. The content is unassigned to the device's group or organization. The content is deleted on the Knox Manage console.
Notification that policy is not applied	Enable sending a notification to the device when no profile is applied to a group or organization. When the user turns off the alarm in the device's setting menu, notifications on whether the profile is applied do not show.
Direct boot command polling interval for Android (min)	Set the polling cycle to send the Knox Manage command for Android devices. If the polling interval is 0, polling will not be performed. However, polling is executed once after the Knox Manage Agent is started.

Inventory Scheduler

Configure the interval to collect the device inventory by mobile OS.

Option	Description
Inventory Collection Interval for Android (hr)	Enter the interval for collecting the inventory information for Android devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). NOTE—To set an interval for collecting the location data of Android devices, navigate to Profile. Click a profile name and click Modify Policy > Android Enterprise or Android (Legacy) > Location > Report device location interval. For more information, see Location (Android Enterprise) or Location (Android Legacy).
Inventory Collection Interval for iOS (hr)	Enter the interval for collecting the inventory information for iOS devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected).
Inventory Collection Interval for Windows (hr)	Enter the interval for collecting the inventory information for Windows devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected).

App & Service Desk

Application

Configure the application deletion setting.

Option

Description

Manage Deletion

Select the area to delete applications from.

Console—Deletes applications only from the application list in the Admin Portal.
Console + Device—Deletes applications from the application list and also from the devices in the assigned groups/organizations.

Knox Manage App Store

Configure the activation of the review feature in the Knox Manage App Store.

Option	Description
Knox Manage App Store Review	Enable users to evaluate and write a review about applications in the Knox Manage App Store.

Service Desk

Enter the service desk information displayed on user devices.

Option	Description
Service Desk Email	Enter the service desk email address.
Service Desk Phone	Enter the service desk phone number.