Knox Remote Support agent
Last updated April 3rd, 2024
This page describes how to set up Knox Remote Support for both the Knox Admin Portal and Knox Manage, and covers how to enable the Knox Remote Support agent with the required EMM policies for your devices.
In order for Knox Remote Support to function, the device user must install the Knox Remote Support agent. The agent can either be installed through Google Play or by an IT admin through app assignment.
The agent supports different features depending on the device’s management type and installation area:
| Device | Supported features when Knox Remote Support agent is installed in the personal profile | Supported features when Knox Remote Support agent is installed in the work profile |
|---|---|---|
| Work profile on company-owned devices protected by Knox |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
Not supported |
| Work profile on company-owned devices |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
| Android Legacy devices protected by Knox |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
| Android Legacy devices |
Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
Remote control - Swipe screen Remote control - Hardware key input Screen sharing Unattended access File sharing Screen capture Video recording Connection time logging DeX support |
Make sure you also keep the agent up-to-date so your support sessions work as expected.
Install and enable the Knox Remote Support agent
To use Knox Remote Support from the Knox Admin Portal
If you’re using Knox Remote Support from the Knox Admin Portal, you can:
-
Ask the device user to install the Knox Remote Support agent from the Google Play Store, then directly share an access code with them. If you choose this method, you won’t be able to automatically start or ask users to start a remote session.
-
Set up and deploy the Knox Remote Support agent to fully managed devices through an EMM, then Automatically start or Ask users to start a remote session. To do so, you need to set up managed configurations for the agent in your EMM. If you use this method for non-fully managed devices, those devices aren’t added to the Devices menu.
Only fully managed Samsung devices running the Knox platform support the Automatically start option.
Set up managed configurations
Before you start, go to Knox Remote Support in the Knox Admin Portal navigation menu. Then, click your username in the top-right corner and copy the Secret Key. You’ll need to enter this key later.
Then, to configure these policies in your EMM:
-
In your EMM console, add Knox Remote Support to Managed Google Play.
-
Go to the managed app configuration for Knox Remote Support. Then, for Secret Key, paste the key you copied earlier.
-
Set the following policies for the device:
Policy Value Required? Automatically install the Knox Remote Support agent True Required Automatically run the agent after installation True Required Prevent device users from deleting the agent True Optional -
Save your policies and deploy them to the devices.
Once the agent is installed on the device, you can see it on the Knox Remote Support Device page.
Use Knox Remote Support from Knox Manage
If you’re using Knox Remote Support from the Knox Manage console, you have two options:
-
Ask the device user to install the Knox Remote Support agent from the Google Play Store.
-
Add the agent to Managed Google Play, then set the following policies on the Assign Application page before assigning it to the device.
Policy Value Installation type Automatic Auto-run after installation Yes
In the device’s profile, under Android Enterprise > Application > App Uninstallation Prevention List Setting, add the agent to prevent the device user from deleting it.
If a device user is enabling Knox Remote Support from the Knox Manage agent, they have the option to install, update and, run the agent in the kiosk mode of the device. For details on how, see Access Knox Remote Support from kiosk.
Fully enable Knox Remote Support for devices enrolled in an EMM
For devices enrolled in an EMM, you must also enable the appropriate Knox Service Plugin policy. Without this policy, basic Knox Remote Support functionality may be severely impacted. The remote device won’t stream its screen, resulting in a blank live view in the Viewer.
To fully enable the Knox Remote Support agent on devices enrolled in an EMM:
-
Go to your EMM console and edit the policies for your device.
- If you’re a Knox Manage user, go to Profile, then click the name of the device’s profile. Then, click Modify Policy > Samsung Knox.
-
Set the following policies depending on the device’s platform and enrollment type:
-
Personally-owned Android Enterprise device:
Policy Value Knox Service Plugin > Work Profile Policies (Profile Owner) > Enable work profile Policies True Knox Service Plugin > Work Profile Policies (Profile Owner) > Advanced Restriction Policies in work profile (Premium) > Allow remote control True -
Fully managed or company-owned Android Enterprise device:
Policy Value Knox Service Plugin > Device-wide policies… > Enable device policy controls True Knox Service Plugin > Device-wide policies… > Advanced Restriction policies (Premium) > Allow remote control True
-
Automatically grant app permissions to the Knox Remote Support agent
If you want to automatically start remote support sessions on your devices, you need to set certain policies to bypass the prompt asking device users to manually grant permissions.
If you’re a Knox Manage user:
-
In the Knox Manage console, begin modifying the policies in your profile.
-
Set the Android Enterprise > Application > App Permission policy to Prompt, then click Add.
-
In the app dialog, search for and select Knox Remote Support ( com.sds.emm.sers ).
-
In the app permissions dialog, Grant the following:
- read phone status and identity
- android.permission.READ_PHONE_NUMBERS
- post notifications (for Android 13 and higher)
-
Save your profile and deploy it to the devices.
If you’re an EMM user, grant the following app runtime permissions to the Knox Remote Support agent:
- read phone status and identity
- android.permission.READ_PHONE_NUMBERS
- post notifications (for Android 13 and higher)
Resolve device admin errors with Android Enterprise
In some cases, Android Enterprise devices might display error notifications related to device admin notifications, and Knox Remote Support might fail to launch. If this behavior occurs after setting the Knox Service Plugin policies in the previous section, then you should enable the following additional Knox service Plugin policies to resolve the issue:
-
Go to your EMM console and edit the policies for your device.
- If you’re a Knox Manage user, go to Profile, then click the name of the device’s profile. Then, click Modify Policy > Samsung Knox.
-
Under Knox Service Plugin > Device-wide policies… > Device Admin allowlisting, set the following policies:
Policy Value Enable device admin controls True Allowlisted DAs Add an admin named Knox Remote Support
On this page
Is this page helpful?