- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Welcome
- Overview
- How-to guides
- Manage licenses
- Scanning profiles
- Apps and activities
- Scan engine settings
- Keystroke output rules
- Export configuration and deploy through EMM
- Set the camera scan trigger
- Connect a hardware scanner
- Configure the output path
- Use the scanner overlay
- Check a configuration in test mode
- Use intent output
- Knox Capture AR
- Get started
- How-to videos
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Capture: Scandit Edition
- Introduction
- How it works
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Refer to the following application management policies to configure and manage applications inside a device's work profile:
-
Set the Enable application management controls to
True to enable the following application management settings. If
set to False, these management settings will not be configurable.
- Refer to the Battery optimization whitelist to enter a list of application package names <string> to include in the allow list for battery optimization exemption.
- Use the Notifications whitelist to stop applications from displaying notifications on the console status bar. All application notifications are blocked except those specified in the allow list. Enter values as a comma separated list, for example, com.xyz, or com.abc, etc. You can also use a wildcard (com.abc*) for multiple applications.
- Refer to the Install app from personal to work profile setting to install an existing application <string> from the default personal space into the work profile without deice user intervention. Provide a comma separated list of package names if specifying more than one application.
-
Set the following
Allow USB devices for application configuration controls to
set application configuration access for USB supported devices. Set
the following options for USB devices:
- Provide the Application Name<string> for the package name you would like to allow for USB configuration.
-
Refer to the USB Devices Configuration setting to define
the following values allowed USB device access for configuration
updates:
- Set the hex value Product ID<string> for the USB devices allowed application updates.
- Set the hex value Vendor ID<string> for the USB devices allowed application updates.
- Use the Application Whitelist by Pkg Name control to allow applications intended for installation on the PO. Specified third party applications not part of the device system image will be allowed when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. When a currently installed app matches a package name <string> in both the allow and block list, then the allow list has precedence and the package is installed.
- Use the Application Blacklist by Pkg Name control to block applications <string> by package name and prevent them from being installed on the PO. Specified third party application names not part of the device system image will be blocked when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. If the package is already installed, the API does not impact the existing package installation.
- Refer to the Application Whitelist by Signature used control to allow third-party applications intended for installation on the PO based on the application's signature. Enter values as a comma-separated list. Include a wildcard (com.abc*) for multiple apps. When a currently installed app matches a package signature <string> in both the allow and block list, then the allow list has precedence and the package is installed.
- Use the Application Blacklist by Signature used control to block applications by signature <string> and prevent them from being installed on the PO. Specified third party application signatures not part of the device system image will be blocked when included in a comma separated list. Include a wildcard (com.abc*) for multiple apps. If the package is already installed, the API does not impact the existing package installation.
- Refer to the Disable application without user interaction control to disable specific applications <string> without device user interaction. A disabled application is not uninstalled, but it cannot be launched by the device user. The API does not affect the application state. Enter values as a comma separated list, for example, com.xyz, or com.abc, etc.
- Refer to the Force Stop Blacklist control to prevent the user from stopping specified applications <string>. Stop actions include a force stop in Settings app, stopping through third-party applications, stopping any background process, and stopping any process from the application. Enter the values as a comma separated list. Include a wildcard (com.abc*) for multiple apps in the block list.
- Refer to the Widget Allowed List and Widget Blocked List to either allow or block a set of widgets. If an allowlist is implemented, all other widgets not matching the list are blocked. Contrarily, if a blocklist is implemented, only the widgets from the list are blocked and any existing widgets are removed. If a widget package name exists in both allow and block lists, it is set to be allowed. Minimum OS version required for this feature is Android 11.
- Refer to Package Name for Auto-Launch to set an application auto launch after installation. Additionally, specify a component name along with the application package name to launch a specific screen. If no component name is displayed, launcher screen of the application is displayed.
