- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Open API reference
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
These restrictions are a dedicated group of controls to manage advanced restriction policies. A KPE premium license is required for advanced restriction policies. These policies include—but are not limited to—the following:
- Wi-Fi and Bluetooth scanning
- Remote control to block device connections using 3rd party applications
- Common criteria
- Dual SIM device enable/disable
- Wireless Intrusion Prevention Support (WIPS)
Create an advanced restriction configuration
- In your UEM console, open the Device Configuration Profile associated with your target devices, and then on the middle navigation menu, click Properties. The Device Configuration Policy Properties page opens.
- On the Properties page, in the Settings list, click Configure. The OEMConfig page for the Device Configuration Policy opens.
- Next to the Work profile policies (Profile Owner) field, click Configure. The Work profile policies (Profile Owner) page opens.
- Next to the Advanced Restriction Policy field, click Configure.
-
Set the following advanced restriction values as needed:
-
Set the Enable advanced restriction controls value to
True to enable the following advanced restriction controls on
a target device.
- Refer to the Allow Wi-Fi scanning setting and click True to block the device from scanning for in-range Wi-Fi networks in order to improve location detection accuracy. This setting is only available with Knox 3.2 and above devices.
- Refer to the Allow bluetooth scanning setting and click True to block the device from scanning for in-range Bluetooth devices in order to improve location detection accuracy.
- Set the Allow remote control value to True to block connections to the device using 3rd party control applications. This setting is only available with Knox 3.0 and above devices.
- Refer to the Enable Common Criteria (CC) mode setting and click True to enable services to bring the device into a CC mode compliant evaluated configuration. If enrolled in a UEM, the CC mode setting is defined at the UEM level.
- Set the Allow dual SIM operation value to True to enable device second SIM slot functionality on a dual SIM device. Disable this setting to restrict functions (calls, SMS/MMS operations, etc.) on the second SIM. Enabling this setting returns functionality to the previously blocked second SIM. This policy is ignored by single SIM devices.
-
Set the Enable WIPS Control value to True to
enable WIPS enforcement and protection options for the device.
If disabled, changes to other WIPS settings have no impact.
- Set the Allow WIPS Enforcement value to 1 to enforce this feature and disallow a device user from bypassing WIPS protection. Set this value to 0 to permit a device user to bypass WIPS.
- Set the Allow WIPS Advance Protection value to 1 to disallow an device user from changing the WIPS configuration. Setting this value to 0 turns this setting off and permits a device user to change WIPS settings.
- Refer to the Set USB Device Connection Type control and set to either DEFAULT, MTP, PTP, MIDI, or CHARGING to define the USB connection type utilized by the device.
-
Set the Enable advanced restriction controls value to
True to enable the following advanced restriction controls on
a target device.
- Click OK. The updated advanced restriction settings are saved and deployed to devices based on the deployment schedule.
