Home / Knox Manage / New Knox Manage console / Manage rules /

Create rules

Last updated June 4th, 2026

This document is new for the Knox cloud services 26.06 UAT.

Rules trigger specific actions on a device once predefined conditions, such as a geographical radius, are met. Rules eliminate the need to continuously apply actions or policy settings. This conditional application makes them ideal for scenarios where you need different device behaviors in specific situations.

Rules operate similarly to event profiles in the original console, but offer more actions. While event profiles only push profiles to devices once they meet the predefined conditions, rules also enable the following actions to perform on devices: Remove all managed apps, Lock devices, Reboot devices, and Send push notification to devices.

If you have assigned an event profile to a group in the original console, you must unassign it before you can assign a rule in the new console.

If you want to create a profile to push to devices when a specific condition is met, it’s recommended that you create the profile before you begin configuring the rule. Otherwise, you must leave the Create rule page and your progress is lost.

To create a rule:

  1. Go to the Rules page and click CREATE RULE.

  2. Enter a Rule name and an optional Description. Then click NEXT: CONDITIONS.

  3. On the Choose condition category screen, select and configure one of the below categories:

    Schedule

    The schedule condition applies rules at specific times and days of the week. For instance, you could configure a profile of security settings to deploy to a device during a device user’s work hours.

    • When the rule triggers, it might take ten minutes or more to apply settings to the device. If you have time-sensitive settings, consider scheduling the rule ten minutes early.
    • For non-Samsung devices or Samsung devices with a work profile, device users are prompted to accept or deny the change and permit the Knox Manage agent to run in the device’s background.
    • Fully managed devices do not require user permission to run the event.

    Configure the following fields:

    • Time zone — Select a time zone. Per each rule, you can only set conditions for a single time zone.
    • Day — Select a day or days of the week. You can’t set more than one schedule for each individual day.
    • Start time — Select a start time.
    • End time — Select an end time.

    Click to add your configuration.

    Configure the schedule rule.

    Geofence

    The geofence condition applies rules when devices are inside or outside of a specific geographical radius. For example, you could configure a profile of security settings to deploy to a device when the device user arrives at a jobsite.

    • The GPS must be enabled on devices for the geofence condition to work.
    • For non-Samsung devices running Android 9 and higher, you need to enable the Google Location Accuracy setting if your device supports geofencing. To enable this setting, see Turn your phone’s location accuracy on or off.

    This condition is not available in South America.

    Configure the following fields:

    • Trigger actions if — Select one of the below options:
      • Device is within the geofenced location
      • Device is outside the geofenced location

    The Add geofence dialog opens. Search for an address, then set a radius in meters. The location and radius display on the map. Click CONFIRM.

    Configure the geofence rule.

    Once you add a configuration, you can hover over it with your cursor to edit it or delete it. You can add up to 20 configurations.

    Network

    The network condition applies rules when devices connect to a Wi-Fi network with a specific SSID or MAC address.

    For devices running Android 9 and higher, the Location settings policy must be enabled to allow searching Wi-Fi SSIDs and MAC addresses.

    Configure the following fields:

    • Network detection type — Select one of the options below:
      • SSID — Enter a SSID. Only alphanumeric characters and the following special ones are permitted: . (period), : (colon), and – (hyphen).
      • MAC address — Enter a MAC address.

    Click the icon to add your configuration. You can add up to 20 configurations.

    Configure the network rule.

    SIM

    The SIM condition applies rules when a physical SIM card is inserted or removed. No additional configurations are needed to set this condition.

  4. After you’ve configured a condition, click NEXT: ACTIONS.

  5. On the Actions screen, you can enable the following actions, as well as a push notification, to send to devices when they meet the conditions.

  • Push profile — Select a profile to push to devices. You can click VIEW PROFILE DETAIL to see its configured policy settings. The profile is removed when the devices no longer meet the conditions.

If a profile is already assigned to devices, it’s not unassigned when this profile is pushed. Instead, both profiles apply to the devices at the same time. If the policy settings conflict between profiles, then the profile with the higher priority is applied. See View profiles to learn more.

  • Remove all managed apps — Removes all managed apps from devices. The apps aren’t restored when the devices no longer meet conditions.
  • Lock devices — Locks devices. The devices are unlocked when they no longer meet conditions.
  • Reboot devices — The devices are rebooted once.
  • Send push notification to devices — Sends a custom message to device users. Enter a Notification title and Notification body.
  1. Click NEXT: REVIEW. On the Review screen that opens, review the rule you set. Edit any sections if needed, or click NEXT: ASSIGN.
  2. On the Assign screen, select a group or groups to assign the rule to, then click ASSIGN.

The rule is created.

Is this page helpful?