Unenroll devices

You can unenroll the devices registered in the Knox Manage server. The methods for unenrollment differ depending on the device type.

To delete the Work Profile from Android Enterprise devices or delete Knox Manage from Fully managed devices, send the Unenroll service command to devices.

NOTE—When you unenroll Fully Managed or the Fully Managed with Work Profile devices, the device is factory reset and the microSD cards of the devices with Android 7.0 (Nougat) - 8.0 (Oreo) can be wiped. Be cautious of potential data loss.

To simply change a logged in user’s details, send the Delete account command, and then allow the user to log in again.

Unenroll connected devices

To unenroll devices that are connected to the server, complete the following steps:

  1. Navigate to Device.
  2. On the Device page, click a check box for a device you want to unenroll.
  3. Click Unenroll.
  4. On the Unenroll Device screen, click OK.

Unenroll disconnected devices

When a device is unable to communicate with the server, you can send an offline unenrollment code to the device. Then, the user can change the device’s status manually and unenroll the device.

To unenroll devices that are offline, complete the following steps:

  1. Identify which device needs to be unenrolled. You can get the device's details from the end user. Instruct the user to launch the Knox Manage agent and to go to SettingsOffline Unenrollment. The user's User ID, Device Name, and IMEI/MEID are shown on this screen.

  2. Navigate to Device.

  3. On the Device page, click a check box for a device you want to unenroll.

  4. Click Unenroll.

  5. On the Unenroll Device screen, check the Offline Unenrollment Code.

  6. Click Force Unenroll.

    The unenrollment device command is sent to the device.

  7. Instruct the user to enter the offline unenrollment code (from step 5) in the Knox Manage agent's Offline Unenrollment screen.

    NOTE— You can also find the Unenrollment Code from the Deleted Devices page. To get the code, on the left hand navigation menu, go to Device > in the right button area, click Deleted Devices > in the list of devices that shows, search for the appropriate device. You can find the Unenrollment Code in the list of results.

    When the user enters the received offline unenrollment code, the device becomes unenrolled, corresponding to its status on the server.

NOTE—You can choose to delete the internal applications installed on Android devices and all of the applications installed on devices with iOS 10 to 13 upon unenrollment.

To set automatic deletion, navigate to Setting > Configuration > Basic Configuration > Device, and then set Delete App upon Unenrollment to Yes.

Allow users to unenroll their devices

If a device is connected to a network and can establish communication with the server, then users can unenroll the devices by uninstalling the agent.

To allow the user to uninstall the agent, do as follows:

  1. Navigate to Setting > Knox Manage Agent Policy.

  2. On the Knox Manage Agent Policy page, click the Default tab.

    You can also add more agent policy sets by clicking .

  3. Set the Allow Unenroll Request policy to Allow.

  4. Click Save & Apply.

