Menu

How to remotely lock or unlock device enrolled in Knox Manage

Environment

  • Knox Manage (KM)
  • Android Enterprise (AE) Device Owner (DO) mode
  • Fully managed devices with a work profile
  • Android Legacy devices

Overview

This knowledge base article guides you through several scenarios in which you may want to remotely lock or unlock a device enrolled in Knox Manage:

  • How to lock a lost phone without erasing its data
  • How to unlock a device that is locked by another UEM and not connected to the Internet
  • How to unlock a device that is locked by another UEM and connected to the Internet
  • How to lock a device after too many unsuccessful login attempts 

How do I remotely lock a phone in Knox Manage without erasing its data?

  1. In your KM console, go to Device and select the checkbox next to the device that was lost.
  2. Click on  Device Command >  Device >  Lock Device.
  3. In the Lock Device window, fill in the Message and Phonebook fields with the appropriate contact information.
  4. Click  OK.

The below screen is shown on the device after the  Lock Device command is sent:

How do I unlock a device that is locked by another UEM and not connected to the Internet?

If a device enrolled in KM is locked by another UEM and does not have an Internet connection, the user must enter a 9-digit code to unlock it. To access this code:

  1. In your KM console, go to  Device and find the device that was lost.
  2. Click on the device name.
  3. In the Security tab, next to the  Lock Device line, the 9-digit unlock code is displayed.
NOTE—Entering the 9-digit code only removes the lock screen. You must enter the correct device password to unlock the device.
NOTE—A new unlock code is generated after every use, preventing the same code from being used again.

How do I unlock a device that is locked by another UEM and connected to the Internet?

  1. In your KM console, go to  Device and select the checkbox next to the device that was lost.
  2. In the menu that appears, click on  Device Command >  Device >  Unlock Device.

How do I lock a device enrolled in Knox Manage after too many unsuccessful login attempts?

If you are using an Android Enterprise profile:

  1. In your KM console, go to Android Enterprise > Security.
  2. In the Fully Managed column, enter a value for the Maximum Failed Login Attempts policy.
  3. Under If the maximum number of unsuccessful login attempts is exceeded, select Lock device.

If you are using an Android Legacy profile:

  1. In your KM console, go to Android Legacy > Security.
  2. Enter a value for the Maximum Failed Login Attempts policy.
  3. Under If the maximum number of unsuccessful login attempts is exceeded, select Lock device.
NOTE—A device locked with this method can also be unlocked with the two methods mentioned above.

The below lock screen is shown on the device after the profile is pushed: