Knox Platform for Enterprise (KPE) is a military-grade mobile solution for IT admins to manage and secure Samsung phones, tablets and watches for business.
KPE provides a set of advanced and unique mobile device security management features* to the underlying Android OS, for business customers and partners who require higher security standards.
Explore Knox Platform for Enterprise features below, or download the white paper for more details.
Knox Platform for Enterprise is part of Knox Suite. Learn more
Knox has achieved more global government security and third-party analyst certifications than any other device, platform, or operating system.
The Knox Platform for Enterprise solution provides a robust set of features on top of the core Android Enterprise platform, to fill security and management gaps and meet the strict requirements of highly regulated industries.
The additional features in KPE have been designed to address more sophisticated security needs for confidential data, providing powerful features for Android for stringent requirements in highly regulated industries.
The following table summarizes unique advantages offered by KPE in addition to Android Enterprise.
|Key Features||KPE PREMIUM||KPE STANDARD||ANDROID ENTERPRISE*||KPE Differentiation|
|Hardware-backed trusted environment||Hardware Root of Trust||Fully supported||Fully supported||Partially supported||Device-unique hardware keys and one-time programmable fuses|
|Build trust||Fully supported||Fully supported||Partially supported||Hardware-backed|
|Maintain trust||Fully supported||Fully supported||Partially supported||Runtime kernel protection|
|Prove trust||Fully supported||Fully supported||Partially supported||Hardware-backed, device-identifiable|
|Robust data protection||Data at rest||Hardware-based data isolation||Fully supported||Partially supported||Partially supported||3rd-party container support, granular configuration|
|On-device encryption||Fully supported||Fully supported||Fully supported|
|Sensitive data protection||Fully supported||Fully supported||Not supported||Data-at-rest protection even when device is in use|
|Data in transit||Flexible on-device VPN options||Fully supported||Partially supported||Partially supported||On-demand, dual-chaining, web protect over VPN, on-premise bypass|
|Gov.-certified built-in VPN client||Fully supported||Fully supported||Partially supported||Government-certified features|
|On-device firewall management||Fully supported||Fully supported||Not supported||URL based filtering, per-app control, blocked access logs|
|Comprehensive device management||Wide range of device configurations||Fully supported||Partially supported (with differentiation added)||Partially supported||Advanced authentication options, booting splash customization, etc.|
|Advanced mobile app management||Fully supported||Fully supported||Partially supported (with differentiation added)||Granular app management without Managed Google Play|
|System-level device feature restriction||Fully supported||Partially supported (with differentiation added)||Partially supported||Factory reset (recovery mode), firmware flashing (download mode)|
|Granular device monitoring and control||In-depth device usage||Fully supported||Not supported||Not supported||Audit logs|
|In-depth network usage||Fully supported||Not supported||Not supported||Network platform analytics|
|Optimized remote control||Fully supported||Fully supported||Partially supported||High performance, device-wide control; SECURE_FLAG overriding|
|Versatile credential/ certificate management||Universal Credential Management||Fully supported||Not supported||Not supported||Customizable Keyguard/ ODE|
|HW-based Client Certificate Management||Fully supported||Fully supported||Partially supported||Hardware-backed, wide range of CSR/ CEP support|
|Certified and trusted by experts and government bodies||Fully supported||Partially supported||Partially supported (with differentiation added)||Most "strong" ratings by Gartner|
Universal Credential Management (UCM) provides a plug-and-play framework for credential management across a variety of storage media.
The Client Certificate Manager (CCM) is another feature of KPE and augments the security of the Android Keystore. It supports features such as device-unique certificates, hardware tamper-proof fuses and supports a wide range of certificate enrollment protocols like:
Active Directory password on device
New TIMA Keystore per-app API
Container lock, wipe
Advanced Container configurations
Power on and off control
App permission monitor management
Enhanced app permission monitor
Get a free trial licence key to use Knox Platform for Enterprise in your MDM/EMM console.
Purchase an annual licence from your local Knox reseller.
Our Knox sales team is ready to collaborate with you to address your biggest business challenges. Please provide your contact details to discuss a project with our sales team.