All of the following features work with Samsung devices.

Mobile Device Management Policies

Send remote commands

Remotely reboot, wipe and locate devices.

Also works with non-Samsung Android devices
Also works with iOS devices

Manage passcode settings

Set minimum passcode requirements, including length, complexity and expiry periods.

Also works with non-Samsung Android devices
Also works with iOS devices

Manage IMAP, POP and Exchange ActiveSync (EAS) profiles

Configure IMAP, POP, and EAS accounts with the native email client on Samsung and iOS devices.

Also works with non-Samsung Android devices
Also works with iOS devices

Manage device functionalities

Allow or disallow device roaming, screen capture and other settings.

Also works with iOS devices

Kiosk mode

Lock devices into performing only key functions that the enterprise has specified.

Also works with iOS devices

Manage VPN profiles

Set up VPN that supports the IPSec protocol suite with features such as Internet Key Exchange (IKE and IKEv2), split tunneling mode, and Suite B cryptography.

Also works with iOS devices

Manage access to device peripherals

Allow or disallow device roaming, screen capture and other settings.

App Management Policies

Push and install apps to the device

Remotely push and install apps to connected devices.

Also works with non-Samsung Android devices
Also works with iOS devices

Manage access to pre-loaded services

Manage access to preloaded services such as cloud backup and voice recognition.

Also works with iOS devices

Manage access through blacklists and whitelists

Create lists of authorized and restricted apps on connected devices.

Knox Platform Security Features

Secure Boot

Secure Boot only allows trusted firmware images such as operating systems to load on the device.

Trusted Boot

Continues to check for authorized firmware after system boot by using cryptographic keys in the TIMA keystore to verify that only authorized apps and services are running on the device.

SE for Android

Separates device into different domains and enforces Mandatory Access Control (MAC), which grants apps with the minimum required permissions to operate in each domain.

SE for Android Management Service (SEAMS)

SE for Android Management Service (SEAMS) also provides controlled access to the SELinux policy engine.

TrustZone-based Integrity Measurement Architecture (TIMA)

TIMA is a tamper-resistant sector of an ARM processor and ensures that the Linux kernel has not been compromised.

TrustZone-based KeyStore

If TrustZone determines that the system is compromised, all cryptographic operations will be disabled.

TrustZone-based On-Device Encryption (ODE)

Further strengthens the full-device encryption capability offered by the Android platform. The system integrity as determined by Trusted Boot is verified before the data is decrypted to ensure that all device data is protected in the unlikely event that the operating system is compromised.

Hardware-based attestation

The enterprise's MDM can request Attestation on-demand to check if the device system has been compromised. Attestation compares the original kernel measurements to the current kernel on the device to verify that a kernel is authorized before Knox Workspace is installed.

Data-at-Rest (DAR) security

Allows the data in container to be always encrypted when the screen is locked or the device is powered off.

Support for Common Access Card

Supports dual authentication using Common Access Cards (SmartCards).

Support for FIPS-compliant VPN clients

Federal Information Processing Standards (FIPS) is a certification used by the National Institute of Standards and Technology (NIST) to evaluate data security. Knox VPN is FIPS 104-2 Level 1 certified for both Data-at-Rest (DAR) and Data-in-Transit (DIT).

Add-on with Knox Workspace
Knox Container Policies

Manage account and email settings

Manage and install IMAP, POP, and EAS accounts inside the Knox container.

Manage passcode settings

Save, view, delete and protect your passwords.

Manage Exchange ActiveSync, IMAP and POP

Use ActiveSync to synchronize with your Microsoft Exchange server and create mailbox policies.

Push and install apps to the Knox container

Remotely push and install apps to the Knox container.

Enable Google Play store in container

Enable users to access the Google Play store inside the Knox container.

Add-on with Knox Workspace

Manage container restrictions

Enable or disable camera use, screen capture, and other features.

Add-on with Knox Workspace

Manage VPN settings for the Knox container

Enable FIPS mode or non-FIPS mode, configure VPN profiles, and set up per-app VPN for apps inside the Knox container.

Add-on with Knox Workspace

Manage browser settings

Enable or disable auto fill, cookies, force fraud warning, JavaScript, and popups.

Add-on with Knox Workspace

Manage firewall settings

Set up allow, deny, redirect exception, reroute, and other firewall rules.

Add-on with Knox Workspace
Active Directory Integration

Integration with Active Directory

Knox Active Directory integration provides control over account provisioning and supports Single Sign-On (SSO).

Policy management with Active Directory

Restrict access and enforce group policies based on membership in your existing Active Directory infrastructure.

Cloud-Based User Management

Set up and manage users and roles

Centrally manage your users and assign roles via the cloud.

Single Sign-On

For mobile apps

Knox Premium customers can configure SSO for up to 3 mobile apps.

For web apps

Non-Samsung Android and iOS devices support SSO for up to 3 mobile and web apps combined. Samsung devices support unlimited SSO for Knox Premium customers.

Support

Documentation

Self-help documentation includes User Guides, Admin Guides, How To information, and FAQs.

Online support

Our agents are standing by to assist with all your support needs.

Phone support

Available during local business hours.

Service level agreement

Guaranteed response times.