*BASICS*
The Knox Ecosystem
White Paper
- Introduction
  - The Samsung Knox Platform
  - Feature Summary
- Core Platform Security
- Network Security
  - Virtual Private Networks
  - Network Platform Analytics
- Certificate Management
- Device Management
- User Authentication
  - Biometric Authentication
- App and Data Protection
- Appendix
Samsung Knox Portal
Knox Cloud Services
- Sign in with SSO
General Knox Support
Knox Licenses
*FOR IT ADMINS*
Knox Admin Portal
- About
- Introduction
  - Select Knox services
- Release notes
Knox Suite
- Introduction
- How-to videos
- Get started
- Learn more about Knox Suite
- Enterprise Edition devices
- FAQs
- KBAs
Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
  - Before you begin
- Get started with UEMs
- Knox Service Plugin
- Release notes
- Migrate to Android 11
  - Device management modes
  - Prepare Knox for Android 11
- FAQs
- Troubleshoot
  - Get device logs
- KBAs
Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Release notes
- FAQs
- Troubleshoot
  - Get support
- KBAs
- On-Premise
Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- End users: Get started
  - Getting started with Knox Capture
- Features
- Release notes
- FAQs
- Troubleshoot
Knox Asset Intelligence
- Introduction
- How-to videos
- Get started
- Set up reported device data
- Features
- Troubleshoot
  - Device-side errors
  - Portal-side errors
- Release notes
- FAQs
- KBAs
- Knox Finder
Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
  - Install an app to devices through an EMM
  - EMM compatibility matrix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Legacy Knox E-FOTA products
  - Knox E-FOTA Advanced
  - Knox E-FOTA on MDM
Samsung Care+ for Business
- Introduction
- Get started
- Submit claim
- Features
- Release notes
- FAQs
*FOR RESELLERS*
Knox Deployment Program
- Introduction
- Get started
  - Get access to the Reseller Portal
  - Buy from a reseller
- Features
- Release notes
- FAQs
- KBAs
*FOR MANAGED SERVICE PROVIDERS*
Knox MSP Program
- Introduction
- How-to video
- Get started
- Features
- Release notes
- FAQs
- Glossary

MDM enrollment methods

Fully managed device (DO) MDM enrollment matrix

The table below displays DO enrollment methods utilized by KME supported MDMs that allow the device to be fully managed by the enterprise. A device owner (DO) is a privilege assigned to an MDM to apply policies to a device during setup, as part of Android Enterprise enrollment. Using Knox Mobile Enrollment, IT admins and end users can create an MDM profile and let the EMM agent install as a DO (Fully Managed Device) on devices running Knox 2.8 or later.

For information on supported DO MDM partners and how to access their own partner support documentation directly from their Websites, go to: Android Enterprise device owner. For information configuring a DO supported KME enrollment profile, go to: create a profile.

The feature descriptions for listed MDMs are as follows:

End user credential entry – A KME admin can associate both a username and password/secret with device(s) in the KME portal. If no pass through is supported for a particular MDM, the device user may be prompted to enter credentials directly. However, these are associated with user info stored by the MDM, and not KME.
Username pass through – The username assigned to the device(s) in KME is automatically passed through to the MDM. The MDM may still prompt the device user for a password/secret for validation, depending on how it has been configured.
Full credential pass through – Both the username and password/secret assigned to the device(s) in KME are automatically passed through to the MDM. There is no need for the device user to be prompted for credentials (use name and password/secret) to be validated.

Legacy Device admin (DA) MDM enrollment matrix

The table below displays DA enrollment methods utilized by KME supported MDMs. Keep in mind, Device admin (DA) enrollment has been rendered as legacy, and is not recommended unless your device does not support Android Enterprise.

For information configuring a DA supported KME enrollment profile, go to: create a profile.

The feature descriptions for listed MDMs are as follows:

End user credential entry – A KME admin can associate both a username and password/secret with device(s) in the KME portal. If no pass through is supported for a particular MDM, the device user may be prompted to enter credentials directly. However, these are associated with user info stored by the MDM, and not KME.
Username pass through – The username assigned to the device(s) in KME is automatically passed through to the MDM. The MDM may still prompt the device user for a password/secret for validation, depending on how it has been configured.
Full credential pass through – Both the username and password/secret assigned to the device(s) in KME are automatically passed through to the MDM. There is no need for the device user to be prompted for credentials (use name and password/secret) to be validated.

Share it: