Back to top

Cannot activate email client as a device admin app during account setup

Last updated July 26th, 2023



  • Knox Platform for Enterprise (KPE)
  • Knox Manage (KM)
  • Knox Service Plugin (KSP)
  • Android Enterprise
  • Email


When a user is configuring an account on an email client, they are requested to activate the client as a Device Admin App. If the device is enrolled as an Android Enterprise device with an EMM, they may encounter the message “Security policy prevents enabling device administrators” when the activation is attempted.


The ability to activate Device Admin Apps is disabled by default. In order to grant this permission, the email client package name must be added to an allowlist in Knox Service Plugin prior to setting up the email account.


To configure the Device Admin allowlisting policy in KSP go to:

  1. Device-wide policies > Device Admin allowlisting.

  2. Set Enable device admin controls to Enable.

  3. Enter the email client package name in Allowlisted DAs.

  4. Save and publish the KSP policy.

Is this page helpful?