- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- White paper
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Migrate from Knox E-FOTA Advanced to Knox E-FOTA One
- Knox E-FOTA Advanced
- Knox E-FOTA on MDM
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program

Knox White Paper
NOTE— SSO, AD Container, Shared devices, and Cloud SDK have been deprecated in the Knox 3.4.1 release. Although the features might still work, they will no longer be tested and will stop working in an upcoming Knox release. We strongly recommend that you use an equivalent feature in Android or stop using the feature altogether.
Enterprise Productivity Apps
Mobile apps have changed the way we work by providing new channels of communication, innovating customer engagement, and empowering organizations with critical data in real-time. Samsung Knox devices include a set of productivity apps for both personal and business use.
Business-critical apps include Samsung Email, Internet browser, Calendar, and Contacts. Enterprise IT admins can secure these apps within the Work profile, along with other apps used by the enterprise.
The Knox Platform secures enterprise apps and protects confidential app data through these methods:
- App installations and updates — Apps are pre-installed within the mobile device's secure Work profile and users can update these apps independent of firmware updates through Google Play.
- App isolation — Apps are sandboxed within the Work profile, which uses SE for Android to prevent personal apps from interfering with the business apps that are in the Work profile.
- App permissions — Knox provides App Permission Monitoring to help users prevent malware from using powerful permissions to gain unauthorized access to the device and Work profile.
- Data At Rest — Through Knox's Sensitive Data Protection (SDP), the files and data used by an app can remain encrypted until device users authenticate at device unlock or Work profile login. Individual apps can further deploy an app-specific password as another line of defense.
- Data In Transit — App data sent through the public Internet can be secured using Knox's advanced VPN features.
- DeX integration — Not only are all Samsung native apps optimized to work within DeX, enterprises can secure apps while they're displayed in DeX.
Samsung Email
The Samsung Email app is uniquely designed for customers requiring the secure synchronization of their mobile device's Email calendar, tasks, and memo functions. The Email app can use MS Exchange ActiveSync (EAS) for Single Sign On using company credentials.
In contrast with third-party security solutions, the Samsung Email app uses Sensitive Data Protection (SDP) by default, to automatically:
- Protect email text and attachments
- Secure incoming emails and notifications in real time
The Samsung Email app provides these key benefits:
- Productivity
- Single Sign On (SSO) with EAS
- EAS synchronization of contacts, calendar, tasks, and note data
- Federated LDAP query support
- Security
- EAS certification for account
- EAS certification for S/MIME messages
- EAS certification revocation checks
- EAS certification history support
- Card certification support
- Management
- LDAP account management
- EAS account management
Samsung Internet Browser
The Samsung Internet Browser provides enterprises with the following security features:
- Biometric Authentication — IT admins can enforce biometric authentication for website logins, web payments, and accessing Secret Mode.
- Secret Mode Password — IT admins can enforce password access to Secret Mode, which can contain confidential bookmarks and saved pages.
- Protected Browsing — IT admins can enable warnings to alert users if they try to view known malicious sites, which might try to steal confidential data such as passwords or credit card information.
- Content Blockers — IT admins can allow the use of third-party plugins to filter out content such as:
- ads, which can come with cookies, malware, or viruses
- invisible trackers, which can monitor online activity
Enterprises can take advantage of the following additional capabilities to secure mobile browsing:
- Set up an HTTP proxy
- Enable TLS encryption of browser traffic
- Filter URLs or domains
- Block pop-ups through extensions
- Disable or enable JavaScript
- Disable or enable the auto-fill of forms
- Disable or enable cookies, saved sign-in data
- Delete or preserve personal data
Samsung Contacts
Contacts are the lifeline of any collaborative business environment and empower mobile workers to stay connected. Enterprises need to strike a fine balance between providing employees with easy access to contacts and protecting private contact information from exploitation.
The Samsung Contacts app provides enterprises with the ability to disable or enable the following features:
- Synchronization of contact data with an MS Exchange or ActiveSync server
- Synchronization of contact data inside and outside the Work profile
- Copying of contact info to a SIM card
- Accessing contact info at the end of a phone call