- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- On-Premise
- Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- View applications
- Add applications
- Introduction
- Add internal Android and iOS applications
- Add internal Windows applications
- Add public applications using Google Play Store
- Add public applications using iOS App Store
- Add public applications using Managed Google Play Private
- Add public applications using Managed Google Play Store Private Web
- Add public applications using Microsoft Store
- Add Chrome OS applications
- Assign applications
- Introduction
- Assign internal Android and iOS applications
- Assign iOS App Store applications
- Assign Google Play applications
- Assign Managed Google Play applications
- Assign Managed Google Play Private applications
- Assigned Managed Google Play Public Web App
- Assign Windows applications
- Assign Chrome OS applications
- Manage applications
- Volume Purchase Program for iOS
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox White Paper
NOTE— SSO, AD Container, Shared devices, and Cloud SDK have been deprecated in the Knox 3.4.1 release. Although the features might still work, they will no longer be tested and will stop working in an upcoming Knox release. We strongly recommend that you use an equivalent feature in Android or stop using the feature altogether.
Mobile apps have changed the way we work by providing new channels of communication, innovating customer engagement, and empowering organizations with critical data in real-time. Samsung Knox devices include a set of productivity apps for both personal and business use.
Business-critical apps include Samsung Email, Internet browser, Calendar, and Contacts. Enterprise IT admins can secure these apps within the Work profile, along with other apps used by the enterprise.
The Knox Platform secures enterprise apps and protects confidential app data through these methods:
- App installations and updates — Apps are pre-installed within the mobile device's secure Work profile and users can update these apps independent of firmware updates through Google Play.
- App isolation — Apps are sandboxed within the Work profile, which uses SE for Android to prevent personal apps from interfering with the business apps that are in the Work profile.
- App permissions — Knox provides App Permission Monitoring to help users prevent malware from using powerful permissions to gain unauthorized access to the device and Work profile.
- Data At Rest — Through Knox's Sensitive Data Protection (SDP), the files and data used by an app can remain encrypted until device users authenticate at device unlock or Work profile login. Individual apps can further deploy an app-specific password as another line of defense.
- Data In Transit — App data sent through the public Internet can be secured using Knox's advanced VPN features.
- DeX integration — Not only are all Samsung native apps optimized to work within DeX, enterprises can secure apps while they're displayed in DeX.
Samsung Email
The Samsung Email app is uniquely designed for customers requiring the secure synchronization of their mobile device's Email calendar, tasks, and memo functions. The Email app can use MS Exchange ActiveSync (EAS) for Single Sign On using company credentials.
In contrast with third-party security solutions, the Samsung Email app uses Sensitive Data Protection (SDP) by default, to automatically:
- Protect email text and attachments
- Secure incoming emails and notifications in real time
The Samsung Email app provides these key benefits:
- Productivity
- Single Sign On (SSO) with EAS
- EAS synchronization of contacts, calendar, tasks, and note data
- Federated LDAP query support
- Security
- EAS certification for account
- EAS certification for S/MIME messages
- EAS certification revocation checks
- EAS certification history support
- Card certification support
- Management
- LDAP account management
- EAS account management
Samsung Internet Browser
The Samsung Internet Browser provides enterprises with the following security features:
- Biometric Authentication — IT admins can enforce biometric authentication for website logins, web payments, and accessing Secret Mode.
- Secret Mode Password — IT admins can enforce password access to Secret Mode, which can contain confidential bookmarks and saved pages.
- Protected Browsing — IT admins can enable warnings to alert users if they try to view known malicious sites, which might try to steal confidential data such as passwords or credit card information.
- Content Blockers — IT admins can allow the use of third-party plugins to filter out content such as:
- ads, which can come with cookies, malware, or viruses
- invisible trackers, which can monitor online activity
Enterprises can take advantage of the following additional capabilities to secure mobile browsing:
- Set up an HTTP proxy
- Enable TLS encryption of browser traffic
- Filter URLs or domains
- Block pop-ups through extensions
- Disable or enable JavaScript
- Disable or enable the auto-fill of forms
- Disable or enable cookies, saved sign-in data
- Delete or preserve personal data
Samsung Contacts
Contacts are the lifeline of any collaborative business environment and empower mobile workers to stay connected. Enterprises need to strike a fine balance between providing employees with easy access to contacts and protecting private contact information from exploitation.
The Samsung Contacts app provides enterprises with the ability to disable or enable the following features:
- Synchronization of contact data with an MS Exchange or ActiveSync server
- Synchronization of contact data inside and outside the Work profile
- Copying of contact info to a SIM card
- Accessing contact info at the end of a phone call
