Back to top

Knox Remote Support agent

Last updated July 12th, 2024

This page describes how to set up Knox Remote Support for both the Knox Admin Portal and Knox Manage, and covers how to enable the Knox Remote Support agent with the required EMM policies for your devices.

In order for Knox Remote Support to function, the device user must install the Knox Remote Support agent from Google Play Store in the personal or primary profile of the device. It won’t function if installed in a work profile.

Make sure you also keep the agent up-to-date so your support sessions work as expected.

Install and enable the Knox Remote Support agent

To use Knox Remote Support from the Knox Admin Portal

If you’re using Knox Remote Support from the Knox Admin Portal, you can:

  • Ask the device user to install the Knox Remote Support agent from the Google Play Store, then directly share an access code with them. If you choose this method, you won’t be able to automatically start or ask users to start a remote session.

  • Set up and deploy the Knox Remote Support agent to fully managed devices through an EMM, then Automatically start or Ask users to start a remote session. To do so, you need to set up managed configurations for the agent in your EMM. If you use this method for non-fully managed devices, those devices aren’t added to the Devices menu.

Only fully managed Samsung devices running the Knox platform support the Automatically start option.

Set up managed configurations

Before you start, go to Knox Remote Support in the Knox Admin Portal navigation menu. Then, click your username in the top-right corner and copy the Secret Key. You’ll need to enter this key later.

Then, to configure these policies in your EMM:

  1. In your EMM console, add Knox Remote Support to Managed Google Play.

  2. Go to the managed app configuration for Knox Remote Support. Then, for Secret Key, paste the key you copied earlier.

  3. Set the following policies for the device:

    Policy Value Required?
    Automatically install the Knox Remote Support agent True Required
    Automatically run the agent after installation True Required
    Prevent device users from deleting the agent True Optional
  4. Save your policies and deploy them to the devices.

Once the agent is installed on the device, you can see it on the Knox Remote Support Device page.

Use Knox Remote Support from Knox Manage

If you’re using Knox Remote Support from the Knox Manage console, you have two options:

  • Ask the device user to install the Knox Remote Support agent from the Google Play Store.

  • Add the agent to Managed Google Play, then set the following policies on the Assign Application page before assigning it to the device.

    Policy Value
    Installation type Automatic
    Auto-run after installation Yes

In the device’s profile, under Android Enterprise > Application > App Uninstallation Prevention List Setting, add the agent to prevent the device user from deleting it.

If a device user is enabling Knox Remote Support from the Knox Manage agent, they have the option to install, update and, run the agent in the kiosk mode of the device. For details on how, see Access Knox Remote Support from kiosk.

Fully enable Knox Remote Support for devices enrolled in an EMM

For devices enrolled in an EMM, you must also enable the appropriate Knox Service Plugin policy. Without this policy, basic Knox Remote Support functionality may be severely impacted. The remote device won’t stream its screen, resulting in a blank live view in the Viewer.

To fully enable the Knox Remote Support agent on devices enrolled in an EMM:

  1. Go to your EMM console and edit the policies for your device.

    • If you’re a Knox Manage user, go to Profile, then click the name of the device’s profile. Then, click Modify Policy > Samsung Knox.
  2. Set the following policies depending on the device’s platform and enrollment type:

    • Personally-owned Android Enterprise device:

      Policy Value
      Knox Service Plugin > Work Profile Policies (Profile Owner) > Enable work profile Policies True
      Knox Service Plugin > Work Profile Policies (Profile Owner) > Advanced Restriction Policies in work profile (Premium) > Allow remote control True
    • Fully managed or company-owned Android Enterprise device:

      Policy Value
      Knox Service Plugin > Device-wide policies… > Enable device policy controls True
      Knox Service Plugin > Device-wide policies… > Advanced Restriction policies (Premium) > Allow remote control True

Automatically grant app permissions to the Knox Remote Support agent

If you want to automatically start remote support sessions on your devices, you need to set certain policies to bypass the prompt asking device users to manually grant permissions.

If you’re a Knox Manage user:

  1. In the Knox Manage console, begin modifying the policies in your profile.

  2. Set the Android Enterprise > Application > App Permission policy to Prompt, then click Add.

  3. In the app dialog, search for and select Knox Remote Support ( com.sds.emm.sers ).

  4. In the app permissions dialog, Grant the following:

    • read phone status and identity
    • android.permission.READ_PHONE_NUMBERS
    • post notifications (for Android 13 and higher)
  5. Save your profile and deploy it to the devices.

If you’re an EMM user, grant the following app runtime permissions to the Knox Remote Support agent:

  • read phone status and identity
  • android.permission.READ_PHONE_NUMBERS
  • post notifications (for Android 13 and higher)

Resolve device admin errors with Android Enterprise

In some cases, Android Enterprise devices might display error notifications related to device admin notifications, and Knox Remote Support might fail to launch. If this behavior occurs after setting the Knox Service Plugin policies in the previous section, then you should enable the following additional Knox service Plugin policies to resolve the issue:

  1. Go to your EMM console and edit the policies for your device.

    • If you’re a Knox Manage user, go to Profile, then click the name of the device’s profile. Then, click Modify Policy > Samsung Knox.
  2. Under Knox Service Plugin > Device-wide policies… > Device Admin allowlisting, set the following policies:

    Policy Value
    Enable device admin controls True
    Allowlisted DAs Add an admin named Knox Remote Support

Is this page helpful?