Non-shared Android device enrollment quickstart
Knox Manage has a special method of preparing an Android device, called non-shared. You can think of it as an enrollment method that's unique to fully managed devices.
The purpose of non-shared mode is to configure and enroll the device with a staging user, like a shared device, and then seamlessly transfer it to the actual user by transforming it into a fully managed device. Once the transformation takes place, the device can't be reverted to its non-shared state. Because the majority of the configuration and enrollment activities take place when the device is in the admin's possession, this new method minimizes disruption to the device user in demanding on-premises environments where they aren't equipped, capable, or free to enroll the device on their own. It also offers a way to standardize devices.
During setup, a non-shared device is like a typical shared device intended for a single business purpose, except it's destined to be operated by only one user. Like shared devices, a non-shared device receives a basic configuration and a staging user for testing and administration, and applies a profile payload when an assigned user account authenticates. You can pre-load content and pre-install apps to the device, so long as you assign them to the group of the user account intended for enrollment.
Supported devices
You can set up devices running Android 9 or higher in non-shared mode.
Supported management features
Non-shared devices are subject to the following limitations in Knox Manage:
- They can be enrolled with the token, QR code, Knox Mobile Enrollment, and Zero-touch enrollment methods.
- They support a subset of the total Android device commands. To see which are compatible, check the Supported system column in the Android Enterprise device command reference.
Set up a non-shared Android device
The process to set up a non-shared device has the following stages:
- Register a staging user
- Configure the staging user settings
- Prepare apps and content for the device
- Enroll the device
- Provision the device
1. Register a staging user
A non-shared device must be enrolled and set up with a staging user before it's deployed. The staging user is an account with a supervisory scope that carries the basic device configuration and settings prior to provisioning the destination user.
To create a staging user:
- Go to User, then click Add.
- Fill in the basic and required user account information. For more detailed instructions, see Register a single user account.
- Set Staging user to Yes.
- Set Using Type to Non-shared Device.
- Save and confirm.
2. Configure the staging user settings
Next, configure the device settings for the staging user:
- Go to Setting > Configuration > Staging Device.
- Click to add a unique configuration for the staging user.
- As needed, set Utilities Setting to Allow and select which Android features to enable for the staging user:
  - Power
  - System Status Bar
  - Notification Bar
  - Key Guard
- As needed, under Device Setting, select the items that the staging user can access in the Settings app on the device:
  - Wi-Fi
  - Bluetooth
  - NFC
  - Mobile Data
  - Mobile Networks
  - Hotspot
  - Location
- As needed, turn on Wi-Fi and preconfigure an access point that the device can connect to while in the staging state.
- Click Select Staging User and select the staging user from the list.
- Click Save & Apply to finish configuring the staging user settings.
3. Prepare apps and content for the device
Next, pre-install the apps and content for the device. You can take two approaches to accomplish this:
- Add the staging user and destination user accounts to the same group, then assign the apps and content to that group. This approach speeds up enrollment by downloading all the apps and content to the device before it's deployed.
- Assign the apps and content to individual destination users. This approach offers more flexibility and user-based customization, but results in slower enrollment as the device must download all content and apps once it's in the user's possession.
To prepare the apps and content for the non-shared device:
- (Optional) Add the staging user and destination users to the same user group.
- Assign the required apps to the group or individual destination users.
- Assign the required content to the group or individual destination users.
4. Enroll the device
Lastly, after preparing the staging user, apps, and content, you can enroll the device:
- Enroll the device. For instructions about enrolling a single device with the available methods, see Enroll a single device.
- After enrollment, go to Device, then search for and find the device. Verify that its value in the Platform & Management Type column is Non-shared Device. Its device name is the name you chose during enrollment, with the staging user name prepended.
- Depending on how many apps and how much content you assigned to the staging user, it takes 5–10 minutes to prepare the staging device. During enrollment, ensure the device is connected to the internet for at least that length of time. After this period, you have two methods to verify that all the apps and content installed to the device:
  - To verify that the apps installed, on the Knox Manage console, go to Device, then click the device's name. On the Device Detail page, open the Application tab, then the Assigned Application tab. In the app list, if the app installed successfully, its Install Status will be Installed.
  - To verify that the content synced, on the device, open the Knox Manage agent, then go to Setting and tap Exit Non-shared mode. Keep in mind that this interrupts the enrollment flow, and should only be used for testing purposes.
5. Provision the device
After the device is enrolled, it's ready for deployment and provisioning. The next step is to deploy the device to the destination user.
Once deployed, the device user must:
- Power on the device. The Knox Manage agent prompts them to sign in.
- (Optional) Tap Download Configuration, then tap the Wi-Fi configuration you pre-configured for the device. The device connects to the access point.
- Sign in with their Knox Manage account credentials.
- If they agree to the Privacy Policy, select I agree and tap Next.
Once the device user signs in, the device enters fully managed mode and permanently removes the staging user. You can verify that it provisioned correctly on the Knox Manage console:
- Go to Device, then search for and find the device. Its Platform & Management Type should now be Fully Managed, and its user and device name should be updated to reflect the provisioned user.