*BASICS*
The Knox Ecosystem
White Paper
- Introduction
  - The Samsung Knox Platform
  - Feature Summary
- Core Platform Security
- Network Security
  - Virtual Private Networks
  - Network Platform Analytics
- Certificate Management
- Device Management
- User Authentication
  - Biometric Authentication
- App and Data Protection
- Appendix
Samsung Knox Portal
Knox Cloud Services
- Sign in with SSO
General Knox Support
Knox Licenses
*FOR IT ADMINS*
Knox Admin Portal
- About
- Introduction
  - Select Knox services
- Features
- Knox Remote Support
- Release notes
Knox Suite
- Introduction
- How-to videos
- Get started
- Learn more about Knox Suite
- Enterprise Edition devices
- FAQ
- KBAs
Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
  - Before you begin
  - User agreements for Android device management
- Get started with UEMs
- Knox Service Plugin
- Release notes
- Migrate to Android 11
  - Device management modes
  - Prepare Knox for Android 11
- FAQs
- Troubleshoot
  - Get device logs
- KBAs
Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Release notes
- FAQ
- Troubleshoot
  - Get support
- KBAs
- On-Premise
Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- End users: Get started
  - Getting started with Knox Capture
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
Knox Asset Intelligence
- Introduction
- Get started
- Set up reported device data
- Features
- Troubleshoot
  - Device-side errors
  - Portal-side errors
- Real-time location service
- Release notes
- FAQ
- KBAs
Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
  - Install an app to devices through an EMM
  - EMM compatibility matrix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
  - Knox E-FOTA Advanced
  - Knox E-FOTA on MDM
Knox Guard
- Introduction
- How-to video
- Get started
  - Get access to the portal
  - Knox Guard status flow
- Using Knox Guard
- Release notes
- FAQ
- KBAs
- Support
Samsung Care+ for Business
- Introduction
- Get started
- Submit claim
- Features
- Release notes
- FAQ
- KBAs
*FOR PARTNERS*
Knox Deployment Program
Knox MSP Program

View alerts

To view the alerts of audit events, complete the following steps:

1. Navigate to History > Alert.

2. On the “Alert” page, enter a device name, select an alert type, event type, audit event, level of alert, log date, and set the period, and then click Search.

3. Click the alert you want to view.

There are four categories of alerts:
- Failed Policies: Informs you that sent device commands or policies are not applied to devices.
- Changes in Device Status: Informs you of the device’s status change to Disconnected. In this case, you cannot control the device because the Keepalive settings are expired and the device does not communicate with the Knox Manage server.
- Security Violation: Informs you of devices on which security violations have been detected during periodical device inspection.
- Others: Informs you of the occurrence of other types of audit events.

4. On the “Audit Log Details” area, view the detailed information about the audit event.

The necessary actions you must take according to the alert category are as follows:

Alert category	Description
Failed Policies	If you cannot click the mobile ID on the alert list, it means the device’s status is Unenrolled, Provisioning, or Disconnected and the policies are not applied. Check the device’s status in Device. If you see a log message about APNs or FCM in the “Log Detail” area, it means the Public Push value is not registered. Register an APNs certificate in Setting > iOS > APNs Setting. To configure the FCM settings, contact a TMS administrator.
Changes in Device Status	Click the mobile ID of the disconnected device and check the Keepalive status. Also, tell the device user to check the device’s network connection status. The violation of Keepalive is detected when the connection of the device and the server is lost longer than the time set in the Keepalive settings.
Security Violation	View the name of the package or application reported as the cause of the problem in the “Log Detail” area and uninstall the package or application. When the device’s status is Disconnected, the audit event “Agent Request to report policy violation” occurs. In Service Overview > Log and Event > Audit Log, search for and view the audit log to find out the cause of the disconnection.