Microsoft Intune: Deploy Company-owned device
- Create the enrollment profile: go to Microsoft Intune > Device enrollment > Android enrollment and click Corporate-owned dedicated devices.
- Click Create Profile and then give it a name, description and a token expiry date (max 90 days).
- Click Create in the create profile window.
- Click the profile you just created.
- Click Token.
- Click Show token.
This token is required when enrolling the corporate-owned dedicated devices.
Create an Azure AD Group
- Navigate to portal.azure.com, locate and select Azure Active Directory.
- Select Groups > New group.
- Provide a name for the group such as Android Enterprise Kiosk Profile and set Membership type = Dynamic device.
- Select Dynamic device members.
- Create the dynamic rule as a simple rule that uses the enrollmentProfileName attribute.
Add apps from Managed Google Play
- Go to Microsoft Intune > Client apps – Apps > Add App.
- Select Managed Google Play > Approve.
- Search for “Managed Home Screen” and any other apps needed in Kiosk mode.
- Press Sync to add these apps to the apps list.
- Assign the apps to the “Android Enterprise Kiosk Profile” group.
Create an Android enterprise kiosk configuration profile
- Within Intune, select Device configuration > Profiles > Create Profile.
- Select Properties > Platform = Android Enterprise, Profile type = Device restrictions.
- Select Settings > Dedicated devices and choose Single or Multi app Kiosk mode.
- Select Add and add the apps previously added to Managed Google Play that were synced with Intune. Do not add the Managed Home Screen app.
- Go to Intune > Device Configuration > Profiles.
- Select the Kiosk mode profile.
- Assign the Azure AD group created earlier.
To enroll your device as an Android Enterprise Company-owned device, you need to ensure the device is factory reset and at the welcome screen. From here, there are 3 ways you can enroll your device into Intune as an Android Enterprise Company-owned device.
- DPC Identifier [Also known as the hashtag method] afw#setup
- QR Code Enrollment / NFC Enrollment
- Knox Mobile Enrollment
KME Enrollment
- To automate with KME, log into the KME console via https://www.samsungknox.com/ and select MDM Profiles.
- Then select Create Profile.
- Give the profile a name and pick Microsoft Intune as the MDM.
- Enter https://aka.ms/intunekme_deviceowner as the MDM Agent APK.
- Click Continue.
- Enter {"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"YOUR TOKEN"} in the custom JSON box. Your token can be found in your enrollment profile in the Intune console.
- Next, go to Devices in KME and select the device(s) you want to assign the Intune profile to.
- Select the Actions drop-down and select Configure devices.
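
A pre-paste check for the custom JSON step above, as an added example that is not part of the original page or of any Samsung or Microsoft tooling. It assumes Python 3; the function names and the sample token are constructed for illustration, and only the key name comes from the page. It flags the typographic quotes that copy and paste often substitutes for straight quotes, and a token left as the placeholder.

```python
import json

# Key name as given in the custom JSON step; everything else is illustrative.
TOKEN_KEY = "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN"
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"
PLACEHOLDERS = {"", "YOUR TOKEN"}


def build_custom_json(token):
    """Return the compact custom JSON string for an enrollment token."""
    token = token.strip()
    if token in PLACEHOLDERS:
        raise ValueError("enrollment token is empty or still the placeholder")
    return json.dumps({TOKEN_KEY: token}, separators=(",", ":"))


def check_custom_json(text):
    """Return a list of problems in text meant for the custom JSON box.

    Messages never echo the token value, so they are safe to log.
    """
    problems = []
    if any(ch in TYPOGRAPHIC_QUOTES for ch in text):
        problems.append("typographic quotes present; JSON needs straight quotes")
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg} at column {exc.colno}")
        return problems
    if not isinstance(data, dict):
        return problems + ["top-level value must be a JSON object"]
    token = data.get(TOKEN_KEY)
    if token is None:
        problems.append(f"missing key {TOKEN_KEY}")
    elif not isinstance(token, str) or token.strip() in PLACEHOLDERS:
        problems.append("token is empty or still the placeholder")
    elif token != token.strip():
        problems.append("token has leading or trailing whitespace")
    return problems


if __name__ == "__main__":
    # Constructed sample: opening quote of the value is a typographic quote.
    pasted = '{"' + TOKEN_KEY + '":\u201cYOUR TOKEN"}'
    for problem in check_custom_json(pasted):
        print("problem:", problem)
    print(build_custom_json("CONSTRUCTED-SAMPLE-TOKEN"))
```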