Managed configuration

Configuration name

0 of 100 characters entered

Profile name(version)
Configured
Add a unique profile name(version) that highlights the policies and restrictions applicable to this profile. You can later use the name(version) for tracking and debugging. If use the profile name and version together, can manage it by version. To ensure good user experience, we recommend using a name less than 50 characters in length.
Knox profile
12 of 5000 characters entered
KPE Premium or Knox Suite License key
Configured
If your UEM console supports KPE license information, enter your KPE License there. For UEM consoles not showing this information, enter your KPELicense Key for your Knox Premium license in this field. This field also supports the new Knox Suite license key or Knox Platform for Customization (KPC) licensekey. This field does not apply to Blackberry users. Applies to devices running Android P and Knox v3.2.1 or higher. To buy a KPE Premium / Knox Suite or KPC license, contact your authorized Samsung Knox Reseller.

0 of 5000 characters entered
Debug Mode
Configured
The informative mode shows policy results and errors on the device. We recommend enabling this mode only during the test phases and not during final deployment.
Separated Apps policies
A group of policies and restriction that are applicable to Separated apps.
- Enable Separated Apps
  Configured
  Turn Separated Apps policies on or off. Enable this option before using any of the Separated Apps policies. If this option is disabled, KSP will apply policy to remove Separated Apps from the device, all apps installed inside Separated Apps will be uninstalled from the device.
- Allow List Policy
  A group of policies for specifying the list of apps to be separated and whether the specified list of apps should be installed outside or inside of the separate space.Available Knox 3.7 or higher
  Location for Separate Apps installation
  Configured
  If the value is set to Outside, List of specified apps will be installed outside (i.e. in user0), apps not in the list will be installed inside. if the value is set to Inside, List of specified apps will be installed inside (i.e. inside separate space), apps not in the list will be installed outside
  Outside
  Inside
  List of Apps to Separate
  Configured
  Provide list of applications that will be separated from all the other apps not in this list. Note: If Outside is selected for Location of Separate Apps installation then existing apps installed outside in User0 that are not part of this list will be uninstalled
  
  0 of 5000 characters entered
Device-wide policies (Selectively applicable to Fully Manage Device (DO) or Work Profile-on company owned devices (WP-C) mode as noted)
A global group of policies and restrictions that are applicable to all users of the device. This list includes items that impact all users on the device, whether they fall under personal or work profiles. Availability: Knox 3.0 and above.
- Enable device policy controls
  Configured
  Use this control to enable or disable device-wide policies. Enable this option before using any of the device-wide policies. If this option is disabled, KSP does not apply any policies in default user (User 0).
- Advanced Restriction policies (Premium)
  A group of controls to manage advanced restriction policies. A KPE Premium license is required for all policies in this group.
  Enable Advanced Restrictions controls
  Configured
  Use this control to enable advanced controls on the device. Note: When the Advanced Restriction policy is enabled, the eSIM menu disappears to prevent conflicts between functions.
  Allow wi-fi scanning
  Configured
  Use this control to block the device from scanning for Wi-Fi networks in range to improve the accuracy of location detection. Availability with Knox 3.2 or higher.
  Allow bluetooth scanning
  Configured
  Use this control to block the device from scanning for bluetooth devices in range to improve the accuracy of location detection. Availability with Knox 3.2 or higher. Note: If disabled, all Bluetooth functionality is disabled. If Bluetooth scanning is disabled, the device declines location accuracy and does not allow apps and services to scan for and connect to nearby devices automatically via Bluetooth.
  Allow remote control
  Configured
  Use this control to block connections to the device, using third-party remote control apps. Availability with Knox 3.0 or higher.
  Enable Common Criteria (CC) mode
  Configured
  Use this control to enable services to bring the device into the Common Criteria-evaluated configuration, called CC Mode. For devices enrolled in a UEM, these settings are set at the UEM level.
  Allow dual SIM operation
  Configured
  Use this control to enable or disable the secondary SIM card slot on a dual SIM device. Disabling this policy blocks functions on the second SIM, preventing calls, SMS / MMS and data. Enabling the policy returns all ordinary functions to the previously blocked SIM. This policy is ignored by devices that only have one SIM.
  WiFi Advanced Detect suspicious network
  A group of controls to configure WIPS to prevents unauthorized network access to local area networks and other information assets by wireless devices.
  Enable WIPS Control
  Configured
  Use this control to enable or disable WIPS options. If this control is disabled, any changes to other WIPS related settings have no impact.
  Allow WIPS Enforcement
  Configured
  Select this option to enforce the feature, Disallow end user to bypass WIPS
  0 off
  1 on
  Allow WIPS Advance Protection
  Configured
  Select this option to Disallow end user to change WIPS
  0 off
  1 on
  Set USB Device Connection Type
  Configured
  Use this control to select the usb connection type
  DEFAULT
  MTP
  PTP
  MIDI
  CHARGING
- Application management policies
  A group of policies to configure and manage applications on the device.
  Enable application management controls
  Configured
  Use this control to enable or disable advanced application management settings.
  Battery optimization allowlist
  Configured
  Use this control to exempt applications from battery usage optimizations such as Android Doze mode. For a fully managed device with a Work profile, enter the list of application on the personal profile to allowlist. To specify Work profile-only apps, go to Work Profile Policies > App Management section. Enter a comma-separated list of package names to specify the apps to allowlist.
  
  0 of 5000 characters entered
  Notifications allowlist
  Configured
  Use this control to stop applications from showing notifications on the status bar. When this policy is enabled, notifications from all applications are blocked except for the apps specified in this allowlist. Enter the values as a comma separated list or wildcard to specify multiple apps to the allowlist, if you want to use advanced query, please use correct regular expression syntax.
  
  0 of 5000 characters entered
  App update controls
  Application update policy
  Configured
  Use this control in combination with the following List of apps control to allow or restrict updates to specific apps. The default value is set to ‘None’, meaning apps on your device update per the policies you’ve specified in your Device Settings and in app settings on Managed Google Play Store.
  None
  Allow update for specified apps only
  Block updates for specified apps only
  List of apps
  Configured
  Use this field to allow or restrict app updates for specific apps. Enter the values as a comma separated list or wildcard to specify multiple apps, if you want to use advanced query, please use correct regular expression syntax.
  
  0 of 5000 characters entered
  Allow USB Devices for default access by Application (Configure profiles below)
  Configured
  Use this setting to grant user permission for one or more usb devices to be used by a particular package. Use the Allowed USB devices for Applications section for Configurations.
  Application Allowlist by Pkg Name
  Configured
  Use this control to allowlist applications to be installed on the DO. When this policy is enabled, third-party application (application that is not part of system image) based on the application package name will be allowlisted. Enter the values as a comma separated list or wildcard to specify multiple apps to the allowlist, if you want to use advanced query, please use correct regular expression syntax. If the package name of an application currently being installed matches a package name pattern in both the blocklist and allowlist, the allowlist takes priority and the application is installed.
  
  0 of 5000 characters entered
  Application Blocklist by Pkg Name
  Configured
  Use this control to blocklist applications to be installed on the DO. When this policy is enabled, third-party application (application that is not part of system image) based on the application package name will be blocklisted. Enter the values as a comma separated list or wildcard to specify multiple apps to the blocklist, if you want to use advanced query, please use correct regular expression syntax. If the application package is already installed, the API does not affect the existing installation.
  
  0 of 5000 characters entered
  Application Allowlist by Signature used
  Configured
  Use this control to allowlist applications to be installed on the DO. When this policy is enabled, third-party application (application that is not part of system image) based on the signature used by the application will be allowlisted. Enter the values as a comma separated list or wildcard to specify multiple apps to the allowlist. If the signature of an application currently being installed matches the signature in both the blocklist and allowlist, the allowlist takes priority and the application is installed.
  
  0 of 5000 characters entered
  Application Blocklist by Signature used
  Configured
  Use this control to blocklist applications to be installed on the DO. When this policy is enabled, third-party application (application that is not part of system image) based on the signature used by the application will be blocklisted. Enter the values as a comma separated list or wildcard to specify multiple apps to the blocklist. If the application package is already installed, the API does not affect the existing installation.
  
  0 of 5000 characters entered
  Disable Application without user interaction
  Configured
  Use this control to disable application without user interaction. The disabled application package is not uninstalled but the device user cannot use it. The API does not affect the future application package state. Enter the values as a comma separated list, for example, "com.xyz, com.abc".
  
  0 of 5000 characters entered
  Force Stop Blocklist
  Configured
  Use this control to prevent the user from stopping certain applications. The stop actions include force stop in Settings app, stopping through third-party applications, stopping any background process by system and stopping any service from the application. Enter the values as a comma separated list or wildcard to specify multiple apps to the blocklist, if you want to use advanced query, please use correct regular expression syntax.
  
  0 of 5000 characters entered
  Widget Allowed List
  Configured
  Use this control to allow widget to be installed on the DO. When this policy is enabled, widget matching the list will be allowed to installed and rest all the other widgets will be blocked. Enter the values as a comma separated list or wildcard to specify multiple widget to the allow. If the package name matches the pattern in both the blocklist and allowlist, the allowlist will takes priority.
  
  0 of 5000 characters entered
  Widget Blocked List
  Configured
  Use this control to block widget to be installed on the DO. When this policy is enabled, a user cannot add widgets with package names that match the list, and existent widgets are removed from the launcher home screen. Enter the values as a comma separated list or wildcard to specify multiple widget to the block. If the package name matches the pattern in both the blocklist and allowlist, the allowlist will takes priority.
  
  0 of 5000 characters entered
  Package Name for Auto-Launch
  Configured
  Enter the package name of the application that needs to be launched after it is installed along with the Component name. Example: PackageName/ComponentName
  
  0 of 5000 characters entered
- Audit Log (Premium)
  A group of controls to enable audit log on the device. Available with a KPE Premium license
  Enable Audit Log
  Configured
  Use this control to enable audit log to capture events such as Password policies set for devices; App installation and removal; Certificate failure and key generation; Account creation and removal; File exchange attempts over Wi-Fi etc
  Audit Log Policy Configuration
  A group of controls to configure audit log on the device. Available with a KPE Premium license
  Audit Log Policies
  Configured
  Use this control to select granular audit log on the device
  All Group
  Application Group
  Events Group
  Network Group
  Security Group
  System Group
  Audit Log Outcome
  Configured
  Use this control to select audit log outcome on the device
  All
  Failures
  Successes
  Audit Log Severity Level
  Configured
  Use this control to select severity level of Audit Log
  All
  Alert
  Critical
  Error
  Warning
  Audit Log Frequency
  Configured
  Use this control to select the Audit log frequency
  2 Hours
  6 Hours
  12 Hours
  24 Hours
- Call and Messaging control
  A group of policies to manage device-wide call and messaging restrictions.
  Enable call and messaging controls
  Configured
  Use this control to enable or disable the phone call and text messaging functionality on the device.
  Manage RCS messaging
  Configured
  Use this control to block RCS on the device. RCS (Rich Communication Services) is an advanced messaging system that aims at making SMS messages more interactive. For example, letting users transmit in-call multimedia. By default, RCS messaging is allowed.
  Set disclaimer text for messages
  Configured
  Use this control to set a disclaimer text with all the outgoing SMS and MMS from the device. The disclaimer text should be limited to 30 characters.
  
  0 of 5000 characters entered
- Certificate management policies (Premium)
  A group of policies to control certificate management settings. For example, disable certificates, restrict certificates and more.
  Enable certificate management controls
  Configured
  Use this control to enable or disable certificate management settings for the device. Enable this control before changing any certificate management settings. If this control is not enabled, any Enterprise certificate management policy is ignored.
  Certificate revocation
  Choose the Certificate revocation method most appropriate for your devices.
  Enable revocation check
  Configured
  Use this to check certificate validation. For example if you list “com.samsung.email” in a allowlist, any certificates used by this app for SMIME encryption or signing is first checked against a list of Certificate Revocation List (CRL) to verify that they are still valid. Enter the application package names to check as a comma separated list, for example (“com.xyz, com.abc”)
  Not enabled
  Enable for all apps
  Enable for specified apps only
  Enable OCSP check before CRL
  Configured
  Use this to perform certificate validation using OSCP before checking a CRL. If the OCSP response is inconclusive the device performs a CRL check.
  List of apps to enable for verification
  Configured
  Use this to perform certificate revocation on a list of applications. Enter the values as a comma separated list of the application packages, for example, “com.xyz, com.abc”.
  
  0 of 5000 characters entered
  Add trusted CA certificate
  Configured
  Enter the name of a Trusted CA Alias which was already defined in Certificate Alias. Enter the values as a comma separated list of the Trusted CA Alias
  
  0 of 5000 characters entered
  Block User from removing Certificate
  Configured
  Use this control to block the user from removing certificates from the keystore. By default, users are allowed to remove certificates from the keystore.
  Allow applications to read private keys without alerting user (Configure profiles below)
  Configured
  Use this setting to Allow application to read private keys without alerting user. To specify application package name, host, port, alias & storage name that will be matched with what applications provided. Use the Allowed apps for reading private keys section.
  Install Certificate in keystore(s) silently
  Configured
  Enter the name of a CA Alias which will be installed silently in the device keystore(s). Enter the values as a comma separated list of the CA Alias
  
  0 of 5000 characters entered
- Client Certificate management (CCM) policies (Premium)
  A group of policies to control client certificate management settings. *Note: CCM Policies are deprecated in the KSP release (22.05). Due to their deprecation, we strongly suggest that you no longer use these policies since S OS(Knox 3.8.0). See KSP Release Notes for details.
  Enable client certificate management controls
  Configured
  Use this control to enable or disable client certificate management settings for the device. Enable this control before changing any client certificate management settings. If this control is not enabled, any Enterprise client certificate management policy is ignored. *Note: CCM Policies are deprecated in the KSP release (22.05). Due to their deprecation, we strongly suggest that you no longer use these policies since S OS(Knox 3.8.0). See KSP Release Notes for details.
  Add packages to be exempted from access control
  Configured
  Enter Name of the packages to be exempted from access control.Enter the values as a comma separated list of the package names.
  
  0 of 5000 characters entered
- Date Time Change
  A Group of control to enable Date and Time Change
  Enable Date Time Policy controls
  Configured
  Use this control to enable Date and Time Change
  Allow Date Time change
  Configured
  Use this setting to allow or disallow date time change
- Device Account Policy
  A group of controls for Device Account Policy
  Enable Device Account Policy controls
  Configured
  A group of controls to Enable Device Account Policy
  Enable Device Account policies (Configure profiles below)
  Configured
  Use this setting to enable device account addition policies
- Device Admin allowlisting
  A group of policies to manage Device Administrator (DA) privileges to specific apps when KSP is launched on the device. By default, DA level access is blocked for all apps. KSP cannot deactivate DA level access for an app that is already activated before KSP is launched.
  Enable device admin controls
  Configured
  Use this control to enable or disable Device Admin allowlisting control for applications on a device where KSP is launched.
  Allowlisted DAs
  Configured
  By default, KSP will block activation of any application as device admin, except those specified in this allowlist. Enter a comma-separated list of packages to specify the list of apps to allowlist.
  
  0 of 5000 characters entered
- Device Controls
  A group of policies to manage device controls, such as APN settings, NFC policies, certificate management, and more.
  APN Setting Policy
  A group of policies to create, update and remove Access Point Name (APN) settings on the device.
  Enable APN settings policy control
  Configured
  Use this control to enable or disable APN settings for the device. Enable this control before changing any APN settings. If this control is not enabled, any APN settings are ignored. Note: When the APN Setting Policy is enabled, the eSIM menu disappears to prevent conflicts between functions.
  Name of APN Configuration to add or update
  Configured
  Enter the name of the APN configuration profile that needs to be added or updated. Ensure that the name used here matches at least one name in the APN configuration > name field. For example, “samsungAPN3”
  APN_1
  5 of 5000 characters entered
  Allow user to change APN Settings
  Configured
  Use this control to allow or prevent user from changing the APN settings.
  Data Roaming Policy
  A group of policies to control the data roaming settings on the device.
  Enable data roaming policy control
  Configured
  Use this control to enable or disable data roaming settings for the device. Enable this control before changing any data roaming settings. If this control is not enabled, any data roaming settings are ignored.
  Allow user to change data roaming state
  Configured
  Use this setting to allow or prevent users from changing the current data roaming state (on or off).
  Allow user to change voice call state
  Configured
  Use this setting to allow or prevent users from changing the current voice call state (on or off).
  Network Mode Policy
  A group of policies to control the Network mode settings on the device.
  Enable network mode policy control
  Configured
  Use this control to set the network mode type for the device. Enable this control before changing any network mode settings. If this control is not enabled, any data roaming settings are ignored.
  Set Network mode
  Configured
  Use this control to set the network mode.
  5G/LTE/3G/2G(auto connect)
  LTE/3G/2G(auto connect)
  LTE/3G(auto connect)
  NFC Policy
  A group of policies to control Near Field Communications (NFC) settings. For example turning NFC on or off.
  Enable NFC policy controls
  Configured
  Use this control to enable or disable NFC settings for the device. Enable this control before changing any NFC settings. If this control not enabled, any NFC settings are ignored.
  Turn on NFC
  Configured
  Use this control to turn NFC on or off. If this setting is disabled, all NFC related functions will not work such as NFC based payment systems or NFC tags.
  Allow user to change NFC state
  Configured
  Use this setting to allow or prevent users from changing the current NFC state (on or off).
  Wi-Fi Policy
  A group of policies to control Wi-Fi settings. For example setting Wi-Fi hotspots, allowing specific connections etc.
  Enable Wi-Fi policy controls
  Configured
  Use this control to enable or disable Wi-Fi polices on a device. If this control not enabled, any Wi-Fi settings you change are ignored.
  Set Wi-Fi hotspot SSID
  Configured
  Use this control to name the Wi-Fi hotspot saved on a device. For example, you can set a custom name, such as “MyMobileWifi”, instead of using the default SSID.
  
  0 of 5000 characters entered
  Set Wi-Fi hotspot password
  Configured
  Use this control to enforce a password when a Wi-Fi mobile hotspot is enabled. If this field is empty, users can create unsecured hotspot network. Passwords should be eight or more characters long.
  
  0 of 5000 characters entered
  Allow user to change hotspot setting
  Configured
  Use this control to allow users to change Wi-Fi hotspot settings on the device. If this setting is off, users cannot make modifications to the hotspot settings on their device
  Allow open Wi-Fi connection
  Configured
  Use this control to allow devices to start an open (non-secured) Wi-Fi hotspot or connect to open and unprotected Wi-Fi access points. If this control is off, users cannot connect to unsecured Wi-Fi networks or start an open (non-secured) Wi-Fi hotspot.
  Allow Minimum Wi-Fi Security Requirement
  Configured
  Use this option to allow user to select the minimum security requirement for Wifi Connection. Note: This policy can be applied only if open wifi connection is disabled
  WEP
  WPA
  LEAP, PWD
  FAST, PEAP
  TLS, TTLS, SIM, AKA, AKA'
  Block Wi-Fi N/W Connection
  Configured
  Add SSID to the list of blocked network to prevent user to connect
  
  0 of 5000 characters entered
  Allow Automatic Wi-Fi Connection to saved SSIDs
  Configured
  Use this control to allow or deny automatic connections of saved SSIDs
  Allow Control for Wi-Fi Password to be Visible
  Configured
  Use this control to make the password hidden or visible in the network edit diaglog
  Allow Wi-Fi State Change
  Configured
  Use this control to allow or deny user access to make Wi-Fi state change
  Allow to configure Wi-Fi (Configure details below)
  Configured
  Use this control to allow configuration of WiFi
  Advanced Wi-Fi Policy (Premium)
  A group of policies to control Advanced Wi-Fi settings. For example setting roam trigger, roam delta, roam scan period etc.
  Enable Advanced Wi-Fi Policy Controls(Configure profiles below)
  Configured
  Use this control to enable or disable Advanced Wi-Fi polices on a device. If this control not enabled, any Advanced Wi-Fi settings you change are ignored.
  Bluetooth Policy
  A group of policies to control bluetooth settings. For example you can block certain bluetooth profiles or services. Note: These controls have no impact if “Allow BT” is disabled in the “device restrictions” section.
  Enable bluetooth policy controls
  Configured
  Use this control to enable or disable bluetooth settings. If this control is not enabled, any changes you make to bluetooth settings are ignored.
  Enable bluetooth profiles
  Configured
  Use this control to allow or block peripherals from connecting based on their bluetooth profiles.
  None
  Bluetooth Advanced Audio Distribution (A2DP)
  Bluetooth Audio/Video Remote Control (AVRCP)
  Bluetooth HandsFree (HFP)
  Bluetooth Headset (HSP)
  Bluetooth Phone Book Access (PBAP)
  Bluetooth Serial Port (SPP)
  Allowlist Bluetooth Service by UUID
  Configured
  Use this control to allow peripherals from connecting based on their Bluetooth service UUID. When enabled, all peripherals except those with UUIDs specified here are blocked from operating with the device. The UUIDs should be as per BT SIG specifications. See the KSP Admin guide for a list of frequently used UUIDs.
  NONE
  ALL
  A2DP_ADVAUDIODIST_UUID
  A2DP_AUDIOSINK_UUID
  A2DP_AUDIOSOURCE_UUID
  AVRCP_CONTROLLER_UUID
  AVRCP_TARGET_UUID
  BNEP_UUID
  BPP_UUID
  DUN_UUID
  HFP_AG_UUID
  HFP_UUID
  HID_UUID
  HSP_AG_UUID
  HSP_UUID
  NAP_UUID
  OBEXOBJECTPUSH_UUID
  PANU_UUID
  PBAP_PSE_UUID
  PBAP_UUID
  SPP_UUID
  Blocklist Bluetooth Service by UUID
  Configured
  Use this control to block peripherals from connecting based on their Bluetooth service UUID. When enabled, all peripherals except those with UUIDs specified here are allowed from operating with the device. The UUIDs should be as per BT SIG specifications. See the KSP Admin guide for a list of frequently used UUIDs.
  NONE
  ALL
  A2DP_ADVAUDIODIST_UUID
  A2DP_AUDIOSINK_UUID
  A2DP_AUDIOSOURCE_UUID
  AVRCP_CONTROLLER_UUID
  AVRCP_TARGET_UUID
  BNEP_UUID
  BPP_UUID
  DUN_UUID
  HFP_AG_UUID
  HFP_UUID
  HID_UUID
  HSP_AG_UUID
  HSP_UUID
  NAP_UUID
  OBEXOBJECTPUSH_UUID
  PANU_UUID
  PBAP_PSE_UUID
  PBAP_UUID
  SPP_UUID
  Allow Device discoverable Mode
  Configured
  Use this control to enable or disable Bluetooth discoverable mode.
  Boot banner
  A group of controls to add, change, or show a banner upon device restart. Available with a KPE Premium license.
  Enable banner on device reboot
  Configured
  Use this control to show a banner on the device display when the device restarts. Default value is set to not show a banner upon device reboot.
  Custom Banner Message
  Configured
  If you want to show custom text to the user when the device restarts, enter the text in this field.
  
  0 of 5000 characters entered
  Battery Optimization (Premium)
  A group of controls to optimize battery usage. Available with a KPE Premium license.
  Enable battery optimization
  Configured
  Use this control to optimize battery and enable device to shutdown, if the user is inactive for the set user inactivity timeout
  Set User Inactivity Timeout
  Configured
  Enter the user inactivity timeout in seconds(10 minutes as minimum) for device to shutdown, in order to optimize battery.
  Set User Inactivity Timeout
  3 of 10 characters entered
- Device customization controls (Premium)
  A group of policies to customize the device user interface. Configure the "Device customization profile" that the device user must use in this section. Availability: Premium license with Customization permissions.
  Enable device customization
  Configured
  Use this control to enable or disable device customization. (Configure Device customization profile below)
- Device Key Mapping
  A group of controls to map key up. Available with a KPE Premium license.
  Enable Key Mapping
  Configured
  Use this control to enable key mapping. Enable this control before changing any Device Key Mapping settings. If this control is not enabled, any Device Key Mapping settings are ignored.
  Enable XCover/Active Key Mapping for Microsoft Teams
  Configured
  Use this control to enable key mapping for passing intent for Microsoft Teams package.
  XCover/Active key Mapping for specific application
  A group of controls to enable XCover/Active key mapping for a specific application
  Package Name
  Configured
  Enter the name of the package (application) that will receive the XCover key mapping action
  
  0 of 5000 characters entered
  Use Samsung Intent
  Configured
  If this option is enabled, the intent definitions below will be ignored. Supported from Knox 3.7.1
  Intent for Key press
  Configured
  Enter the intent name provided by the Application Vendor for XCover Key Press
  com.samsung.android.knox.intent.action.PTT_PRESS
  48 of 5000 characters entered
  Intent for Key release
  Configured
  Enter the intent name provided by the Application Vendor for XCover Key Release
  com.samsung.android.knox.intent.action.PTT_RELEASE
  50 of 5000 characters entered
  Top Key Mapping for specific application
  A group of controls to enable Top key mapping for a specific application
  Package Name
  Configured
  Enter the name of the package (application) that will receive the Top key mapping action
  
  0 of 5000 characters entered
  Use Samsung Intent
  Configured
  If this option is enabled, the intent definitions below will be ignored. Supported from Knox 3.7.1
  Intent for Key press
  Configured
  Enter the intent name provided by the Application Vendor for Top Key Press
  com.samsung.android.knox.intent.action.TOP_PRESS
  48 of 5000 characters entered
  Intent for Key release
  Configured
  Enter the intent name provided by the Application Vendor for Top Key Release
  com.samsung.android.knox.intent.action.TOP_RELEASE
  50 of 5000 characters entered
  Side Key Mapping for specific application
  A group of controls to enable Side key mapping for a specific application
  Package Name
  Configured
  Enter the name of the package (application) that will receive the Side key mapping action
  
  0 of 5000 characters entered
  Use Samsung Intent
  Configured
  If this option is enabled, the intent definitions below will be ignored. Supported from Knox 3.7.1
  Intent for Key press
  Configured
  Enter the intent name provided by the Application Vendor for Side Key Press
  com.samsung.android.knox.intent.action.SIDE_PRESS
  49 of 5000 characters entered
  Intent for Key release
  Configured
  Enter the intent name provided by the Application Vendor for Side Key Release
  com.samsung.android.knox.intent.action.SIDE_RELEASE
  51 of 5000 characters entered
  Enable Key Mapping to Launch applications (Configure profiles below)
  Configured
  Use this control to enable key mapping for specific action for defined package
- Device Restrictions
  A group of controls to allow or block specific operations on the user's device.
  Enable device restriction controls
  Configured
  Use this control to enable or disable restriction controls for the device. Enable these controls before changing any device restriction settings. If these controls are not enabled, any device restriction settings are ignored.
  Allow microphone
  Configured
  Use this setting to disable the microphone without user interaction. Disabling this control restricts the use of the microphone for recording purposes, but does not impact the use of the phone application on the device.
  Allow WiFi
  Configured
  Use this control to allow or restrict the device's ability to connect to Wi-Fi networks.
  Allow WiFi Direct
  Configured
  Use this control to allow or restrict the device's ability to connect to Wi-Fi Direct networks.
  Allow Bluetooth
  Configured
  Use this control to allow or restrict the device's ability to make Bluetooth connections.
  Allow cellular data
  Configured
  Use this control to allow or restrict the device's ability to use the cellular data connection.
  Tethering controls
  A group of controls to configure the use of tethering technologies on the device.
  Allow tethering
  Configured
  Use this control to allow or block all types of tethering on the device. Enable this control before changing any other tethering settings. If this control is not enabled, any changes to other tethering settings are ignored.
  Allow WiFi tethering
  Configured
  Use this control to allow or block tethering on Wi-Fi. If the use of all tethering is disabled, changing these settings has no impact.
  Allow Bluetooth tethering
  Configured
  Use this control to allow or block tethering on Bluetooth. If the use of all tethering is disabled, changing these settings has no impact.
  Allow USB tethering
  Configured
  Use this control to allow or block tethering on USB. If the use of all tethering is disabled, changing these settings has no impact.
  Allow USB media player
  Configured
  Use this control to enable or disable the use of an external USB media player on the device.
  Allow USB host storage
  Configured
  Use this control to enable or disable the use of an external USB storage device, such as an external hard disk or a flash drive.
  Setup USB exception list
  Configured
  If the Allow USB host storage setting is enabled, use this control to configure the use of one or more classes of USB devices or USB composite device on the mobile device. If the Allow USB host storage setting is disabled, any settings in this section have no impact. A USB Composite Device is a peripheral device that supports more than one device class. If you use this policy to control a USB Composite Device, ensure that you add all supported classes in the exception list.
  Allow all
  Audio
  CDC Data
  Communication
  Human Interface Device
  Mass Storage
  Miscellaneous
  Still Image
  Vendor Specific
  Wireless Controller
  Allow USB debugging
  Configured
  Use this control to enable or disable the device to enter into a USB debugging mode.
  Allow developer mode
  Configured
  Use this control to enable or disable the device to enter into a developer mode.
  Allow Share Via option
  Configured
  Use this control to enable or disable the Share Via option that presents User options to share data from one application to another application using one of the many available options.
  Allow power saving mode
  Configured
  Use this control to enable or disable the device from entering the Power Saver mode automatically.
  Allow data saver mode
  Configured
  Use this control to enable or disable the device from entering the Data Saver mode automatically.
  Allow VPN connections
  Configured
  Use this control to enable or disable VPN connections on the device.
  Allow user to modify Settings
  Configured
  Use this control to allow or restrict the user from changing the device settings.
  Enforce external storage encryption
  Configured
  Use this control to enable external storage (SD Card) encryption. Enabling this option prompts the user to start encryption. For security reasons, we recommend setting the policy to use an alphanumeric password.
  Allow SD card access
  Configured
  Use this control to enable or disable Secure Digital (SD) card access.
  Allow backup on Google Server
  Configured
  Use this control to enable or disable backup of data on the Google Server.
  Allow installation of Non-Google Play Apps
  Configured
  Use this control to allow or disallow installation of Non-Google Play Applications.
  Allow Video Recording
  Configured
  Use this control to enable or disable video recording.
  Allow Android Beam on device
  Configured
  Use this control to allow or disallow Android Beam on device.
  Allow Camera
  Configured
  Use this control to enable or disable camera.
  Allow Clipboard
  Configured
  Use this control to enable or disable clipboard.
  Allow Smart Switch
  Configured
  Use this control to allow or disallow smart switch to seamlessly transfer contacts, photos, music, videos, messages, notes, calendars and more to virtually any Samsung Galaxy device
  Allow UWB
  Configured
  Use this control to allow or disallow UWB on the device
  Allow Factory Reset
  Configured
  Use this control to allow or restrict the device factory reset
- Device Settings (Premium)
  A group of controls for device settings. A KPE Premium license is required for all policies in this group.
  Enable device settings controls