Menu

Windows

This section describes the policies you can configure for Windows devices.

The availability of each policy varies depending on the OS version.

System

Allows the use of features such as factory reset, camera, screen capture and VPN.

Interface

Controls the network settings, such as Bluetooth, Wi-Fi tethering, and NFC.

Security

Configures the password settings.

Application

Allows using the Windows App Store and configuring options for application controls, such as installation and blocklist/allowlist.

Phone

Allows overseas data roaming.

Etc

Allows deleting PPKG (Provisioning Package) files or MDM profiles while using them.

Wi-Fi

Configures the Wi-Fi settings, such as SSID, security type, and proxy.

Exchange

Configures the settings of a Microsoft Exchange ActiveSync account to synchronize data with it.

VPN

Configures VPNs (Virtual Private Network) on Windows devices.

Certificate

Configures the Knox Manage agent Root, user certificates, and server certificates for use on the device.

System

Policy

Description

Supported devices

Factory reset

Allows a device factory reset.

Windows 10 (Mobile / Desktop) or higher

Camera

Allows using the camera.

Windows 10 (Mobile / Desktop) or higher

Screen Capture

Allows using the screen capture function.

Windows 10 (Mobile) or higher

VPN

Allows modifications to the VPN settings.

Windows 10 Pro, Business, Enterprise, Education (Mobile / Desktop)

Interface

Policy

Description

Supported devices

Wi-Fi

Allows the use of Wi-Fi.

Windows 10 Pro, Business, Enterprise, Education (Mobile / Desktop)

> Wi-Fi Tethering

Allows tethering the Wi-Fi connection.

Windows 10 Pro, Business, Enterprise, Education (Mobile / Desktop)

Bluetooth

Allows the use of Bluetooth.

Windows 10 Pro, Business, Enterprise, Education (Mobile / Desktop)

> Search Mode

Allows using device search via Bluetooth.

Windows 10 Pro, Business, Enterprise, Education (Mobile / Desktop)

NFC

Allows the use of NFC (Near Field Communication).

Windows 10 (Mobile)

USB

Allows USB tethering connections.

Windows 10 (Mobile)

Removable Storage Allows or blocks the usage of removable storage devices. Default: Allow. Windows 10 Pro, Business, Enterprise, Education (Desktop)

Security

Policy

Description

Supported devices

Password policies

Set to apply the password policy when the screen is locked. The camera is disabled in screen lock mode.

NOTE— If you have enabled Samsung Knox Manage for a device with no password, certificates registered in the device will be deleted.

Windows 10 (Mobile) or higher

> Maximum Failed Login Attempts

Set the maximum number of incorrect password attempts.

The value can be between 3 - 998 times.

NOTE— If you enter the wrong password more than the allowed number of times, a challenge phrase appears, and then the system begins the factory reset operation. A challenge phrase is a particular phrase that is presented to you to disable the autofill feature and protect your information. You need to enter the case sensitive challenge phrase exactly.

Windows 10 (Mobile) or higher

> Minimum length

Set the minimum length of the password.

The value can be between 4 - 16 words.

Windows 10 (Mobile) or higher

> Maximum Screen lock grace period (Minutes)

Set an idle time before the screen lock is enabled.

The value can be between 0 – 999 minutes.

Windows 10 (Mobile) or higher

> Expiration after (days)

Set the maximum number of days before the password must be reset.

The value can be between 0 - 730 days.

NOTE— Set the number to 0 for an indefinite period.

Windows 10 (Mobile) or higher

> Retain history for

Set the number of times that you can reuse the password that you previously used, including the current password.

The value can be between 2 - 50 times.

Windows 10 (Mobile) or higher

Application

Policy

Description

Supported devices

Windows App store access control

Allows access to the Windows App Store.

Windows 10 (Mobile) or higher

Add App Install Black/Whitelist

Set the Windows application policies based on the blocklist or the allowlist.

Windows 10 (Mobile/Desktop) or higher

> Add Preloaded App Automatically

Set to automatically add preloaded applications.

Windows 10 (Mobile/Desktop) or higher

> App Install/Run Whitelist

Add applications to allow their installation. Any applications not on the allowlist are deleted, even if previously installed.

  • To add an application, click Add, and then select applications in the “Select Application” window.
  • To delete an application, click next to the added application.

NOTE— Knox Manage agent is automatically registered on the list.

Windows 10 (Mobile/Desktop) or higher

> App Install/Run Blacklist

Add applications to prohibit their installation. Blocked applications will be deleted even if they were previously installed.

  • To add an application, click Add, and then select applications in the “Select Application” window.
  • To delete an application, click next to the added application.

NOTE— An application that has been added on the App Install/Run Whitelist cannot be added.

Windows 10 (Mobile/Desktop) or higher

Phone

Policy Description Supported devices
Data connection during roaming Allows overseas data roaming Windows 10 (Mobile/Desktop) or higher

Etc

Policy Description Supported devices
Delete PPKG Allows users to delete provisioning package (PPKG) files while using them. Windows 10 (Mobile/Desktop) or higher
MDM Client Unenrollment Allows users to delete MDM profiles while using them. Windows 10 (Mobile/Desktop) or higher

Wi-Fi

You can add more Wi-Fi policy sets by clicking .

Policy

Description

Configuration ID

Assign a unique ID for each Wi-Fi setting.

Description

Enter a description for each Wi-Fi setting.

Network Name (SSID)

Enter the identifier of a wireless router to connect to.

You can also click Lookup to open the reference items list and select an item from it. The reference value will be automatically entered.

Security type

Specifies the access protocol used.

> Open

Allows a Wi-Fi connection without a password.

> WEP

Set a password in the Password field.

> WPA2 Personal

Set a password in the Password field.

> EAP

Enter an EAP XML configuration code.

NOTE— The EAP XML tab is enabled only when EAP is selected for the Security type.

Auto connection

Check to use an automatic Wi-Fi connection.

Hide Network

Check the checkbox to hide the network from the list of available networks on the device. The SSID does not broadcast.

Proxy Server and Port

Enter the IP address of a proxy server and the port number of the proxy server.

Exchange

You can add more Exchange policy sets by clicking .

Policy

Description

Configuration ID

Assign a unique ID for each Exchange setting.

Description

Enter a description for each Exchange setting.

User information input method

Select an input method for entering user information.

> Manual Input

Select to manually enter the email address, account ID, and password of a user.

You can also click Lookup to open the reference items list and select an item from it. The reference value will be automatically entered.

> Connector interworking

Select to choose a connector from the User Information Connector list.

NOTE— All the connectors are listed in Advanced > System Integration > Directory Connector. The email account that is registered is the one registered in the connected directory’s information.

> User Information

Select to access the exchange server using the registered Knox Manage email and ID. The password must be entered from the user’s device.

Domain

Enter a domain address for the Exchange server.

You can also click Lookup to open the reference items list and select an item from it. The reference value will be automatically entered.

Server Name

Assign an Exchange server name.

Diagnostic Logging

Select a configuration level for diagnostic logging.

  • Logging off: Does not leave a record in the Event Viewer log.
  • Basic logging: Configure the default diagnostic log information.
  • Advanced logging: Configure the diagnostic log information for the security-related events.

Sync Schedule

Select the interval period to sync the incoming emails.

Sync measure for the early data

Select the interval period to sync the past emails.

Sync calendar

Syncs schedules on a calendar from a server to a device.

Sync contacts

Syncs contact information in a phone book from an Exchange to a device.

Sync Email

Syncs emails from an Exchange to a device.

Sync task

Syncs tasks from an Exchange to a device.

SSL

Set to use SSL for email encryption.

VPN

You can add more VPN policy sets by clicking .

Policy

Description

Configuration ID

Assign a unique ID for the VPN setting.

Description

Enter a description for the VPN setting.

VPN vendor name

Select a VPN vendor from the following:

  • Pulse Secure
  • Check Point Capsule VPN
  • F5 Access
  • Palo Alto Networks GlobalProtect
  • SonicWall Mobile Connect

Server address

Enter the IP address, host name, or URL of the VPN server that the device needs to access.

Customer Configuration

Enter the VPN vendor-specific settings in the XML format and click Save.

Remember Credentials

Check to use remember credentials.

Always On

Check to use always on mode.

Lock Down

Check to use lock down mode.

DNS Suffix

Enter a DNS Suffix.

Trusted Network

Enter the IP address, host name, or URL.

Proxy Settings

Select the setting for the proxy server.

  • Manual: Enter the IP address of the proxy server.
  • Auto: Enter the Auto Config URL.

Certificate

You can add more certificate policy sets by clicking .

Policy

Description

Configuration ID

Assign a unique ID for each certificate setting.

Description

Enter a description for each certificate setting.

Certificate category

Select a certification category.

  • Root: Select a certificate to use. Among the certificates registered in Advanced > Certificate > External Certificate, those with the Purpose set as CA Cert and Type set as Root will appear on the list.
  • User: Select a certificate to use. Among the certificates registered in Advanced > Certificate > External Certificate, those with the Type set as User will appear on the list.
  • Server: Select a certificate to use. Among the certificates registered in Advanced > Certificate > External Certificate, those with the Type set as Server will appear on the list.