Knox White Paper
Note: SSO, AD Container, Shared devices, and Cloud SDK have been deprecated in the Knox 3.4.1 release. Although the features might still work, they will no longer be tested and will stop working in an upcoming Knox release. We strongly recommend that you use an equivalent feature in Android or stop using the feature altogether.
Enterprise Productivity Apps
Mobile apps have changed the way we work by providing new channels of communication, innovating customer engagement, and empowering organizations with critical data in real-time. Samsung Knox devices include a set of productivity apps for both personal and business use.
Business-critical apps include Samsung Email, Internet browser, Calendar, and Contacts. Enterprise IT admins can secure these apps within the Work container, along with other apps used by the enterprise.
The Knox Platform secures enterprise apps and protects confidential app data through these methods:
- App installations and updates — Apps are pre-installed within the mobile device's secure Work profile and users can update these apps independent of firmware updates through Google Play.
- App isolation — Apps are sandboxed within the Work profile, which uses SE for Android to prevent personal apps from interfering with the business apps that are in the Work profile.
- App permissions — Knox provides App Permission Monitoring to help users prevent malware from using powerful permissions to gain unauthorized access to the device and Work container.
- Data At Rest — Through Knox's Sensitive Data Protection (SDP), the files and data used by an app can remain encrypted until device users authenticate at device unlock or Work profile login. Individual apps can further deploy an app-specific password as another line of defense.
- Data In Transit — App data sent through the public Internet can be secured using Knox's advanced VPN features.
- DeX integration — Not only are all Samsung native apps optimized to work within DeX, enterprises can secure apps while they're displayed in DeX.
The Samsung Email app is uniquely designed for customers requiring the secure synchronization of their mobile device's Email calendar, tasks, and memo functions. The Email app can use MS Exchange ActiveSync (EAS) for Single Sign On using company credentials.
In contrast with third-party security solutions, the Samsung Email app uses Sensitive Data Protection (SDP) by default, to automatically:
- Protect email text and attachments
- Secure incoming emails and notifications in real time
The Samsung Email app provides these key benefits:
- Single Sign On (SSO) with EAS
- EAS synchronization of contacts, calendar, tasks, and note data
- Federated LDAP query support
- EAS certification for account
- EAS certification for S/MIME messages
- EAS certification revocation checks
- EAS certification history support
- Card certification support
- LDAP account management
- EAS account management
Samsung Internet Browser
The Samsung Internet Browser provides enterprises with the following security features:
- Biometric Authentication — IT admins can enforce biometric authentication for website logins, web payments, and accessing Secret Mode.
- Secret Mode Password — IT admins can enforce password access to Secret Mode, which can contain confidential bookmarks and saved pages.
- Protected Browsing — IT admins can enable warnings to alert users if they try to view known malicious sites, which might try to steal confidential data such as passwords or credit card information.
- Content Blockers — IT admins can allow the use of third-party plugins to filter out content such as:
- ads, which can come with cookies, malware, or viruses
- invisible trackers, which can monitor online activity
Enterprises can take advantage of the following additional capabilities to secure mobile browsing:
- Set up an HTTP proxy
- Enable TLS encryption of browser traffic
- Filter URLs or domains
- Block pop-ups through extensions
- Disable or enable the auto-fill of forms
- Disable or enable cookies, saved sign-in data
- Delete or preserve personal data
Contacts are the lifeline of any collaborative business environment and empower mobile workers to stay connected. Enterprises need to strike a fine balance between providing employees with easy access to contacts and protecting private contact information from exploitation.
The Samsung Contacts app provides enterprises with the ability to disable or enable the following features:
- Synchronization of contact data with an MS Exchange or ActiveSync server
- Synchronization of contact data inside and outside the Work container
- Copying of contact info to a SIM card
- Accessing contact info at the end of a phone call