- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Samsung Knox E-FOTA is the mobile industry’s first firmware update management system on Android that allows IT admins to maximize cost efficiency when deploying OS updates to a fleet of Samsung mobile devices. With Knox E-FOTA, IT admins can do the following:
- Ensure the latest security patches are deployed to devices immediately or on schedule.
- Test updates before deployment to ensure compatibility between internal apps and new OS versions.
Key features
The following are the main benefits of Knox E-FOTA.
Select OS versions to deploy
IT admins can choose an OS version to deploy to ensure compatibility with internal apps. Without this service, they are forced to either block OS updates or allow updates to the latest OS version.
Force updates to target devices
IT admins can force OS updates to all of their devices. This allows them to efficiently manage devices, because all employee devices run the same OS version.
Schedule updates
IT admins can schedule OS updates for a set time and date1Knox E-FOTA only guarantees that the firmware update will start at a specified time and does not guarantee the OS update end time or duration. to prevent business interruptions. If an emergency security issue arises, they can immediately deploy the latest security patches.
Features
Knox E-FOTA has two editions: Knox E-FOTA on MDM and Knox E-FOTA Advanced. This white paper focuses on the latter.
- Knox E-FOTA on MDM is suitable for enterprises that wish to use their existing Enterprise Mobility Management (EMM) or Mobile Device Management (MDM) console to access the Knox E-FOTA features. It supports Android OS 7.0 (Nougat) and higher. The server is a cloud-based service embedded in your EMM/MDM implementation through an API that Samsung provides.
- Knox E-FOTA Advanced does not require an MDM/EMM because it functions through a standalone web console, the Knox E-FOTA Advanced admin portal. It supports Android OS 5.0 (Lollipop) and higher, and requires you to install a client app on the mobile devices. It has two server options:
- Cloud-based service.
- On-premise service for a dedicated host-based FOTA service2If you need Knox E-FOTA Advanced On-premise, please contact efota@samsung.com..
The following table lists all of Knox E-FOTA's features.
| Feature | Knox E-FOTA on MDM | Knox E-FOTA Advanced | Description |
|---|---|---|---|
| Selective OS version | ● | ● | Select an OS version to be deployed to the devices, and prevent updates to OS versions that have not been verified with internal apps. |
| Forced update (silent) | ● | ● | Deploy OS updates to devices without requiring user interaction. |
| Scheduled update | ● | ● | Set a specific date and time range (for example, non-business hours) to download and install an OS update. |
| Forced update (critical) | ● | Allow the user to postpone an update (with a maximum delay duration) during an ongoing critical job. The user can't decline the update. | |
| Monitoring dashboard | ● | View the status of update operations through a dashboard. | |
| Independent web console | ● | Perform administrative tasks at www.samsungefota.com. | |
| On-premise service | ● | Use an in-network or dedicated host-based FOTA service. | |
| Retry setting | ● | Specify what actions to make in the event of an update failure. | |
| Network bandwidth control | ● | Deploy firmware updates within a set maximum bandwidth. | |
| Wi-Fi only mode | ● | Save on cellular usage costs by restricting downloads and updates to occur only through Wi-Fi. | |
| Grouping target devices | ● | ● | Group devices by device model so you can perform operations on multiple devices simultaneously |
| Select target device by label | ● | Group devices using custom labels so you can deploy select OS updates based on the end users’ business function, location, and so on. | |
| Server resource control | ● | Only public IP addresses in an allowlist can reach their target domains for firmware management. |
Ports
- 1 port for Knox E-FOTA On-Premise.
- 14 ports for Knox E-FOTA on MDM. This can increase to 24 if static IPs will be used.
Read more about the Knox E-FOTA features on the product page.
Benefits of using Knox E-FOTA
The following are common device management pain points that businesses experience and how E-FOTA addresses each one.
| Device management pain points | Knox E-FOTA benefits |
| Security issues—Businesses and government agencies need to be protected immediately from cyber attacks, such as malware and ransomware. However, it is difficult to prevent hundreds or thousands of end users from postponing or declining an update. | Device security—Deploy the latest verified firmware along with the latest security patches—also called Security Maintenance Releases (SMR)—to all corporate-liable devices immediately without requiring user interaction. |
| Business interruptions—OS updates cause a temporary downtime during business hours. | Efficient rollout—Maintain productivity by specifying a time when devices download updates to minimize business interruptions. IT admins can stagger the deployment of updates (for example, by region) to ensure operational continuity. |
| Compatibility issues—The latest OS updates don't always work with the internal apps employees use in their daily operations. Incompatibility issues cause business interruptions. | Software compatibility testing—Only enforce updates once the software is tested to ensure compatibility between internal apps and new OS versions. This helps minimize the need for IT support for compatibility issues. |
|
Tedious device management—Having hundreds or thousands of devices with different OS versions makes device management a tedious process. Regulatory bodies require up-to-date firmware—Businesses in highly regulated industries need to use the latest validated OS versions in order to meet certification and regulatory requirements. Devices with no set users need to be maintained—Devices in the field and kiosk devices need to be kept up to date in the absence of onsite IT admins. |
Forced remote updates—Remotely deploying forced updates ensures that all enterprise devices are always running the latest validated OS version. Having a uniform view of all devices allows IT admins to manage them more efficiently. Silent updates do not require user interaction so they can't be postponed or rejected. |
| FOTA restrictions—FOTA restrictions prevent OS updates over the internet | On-premise solution—Knox E-FOTA Advanced On-premise allows enterprises to deploy OS updates to devices within their corporate firewall. |
