With mobile cybersecurity threats becoming more sophisticated, ensuring device integrity has become critical for enterprise IT admins to safeguard corporate resources. Recognizing this, Samsung and Microsoft first introduced Knox On-Device Attestation for Intune in 2023, empowering organizations to strengthen the Zero Trust security posture of all Samsung devices in their fleet.
As part of our continued efforts to help ensure that all enterprise data is protected and secure, and to provide an improved user experience for Intune customers, this feature is now enabled by default in all new Android App Protection Policies. Intune administrators can now effortlessly choose their preferred actions for non-compliant supported devices, simplifying policy enforcement efforts and enhancing the overall security of managed applications.
This update also delivers a seamless experience for device end-users, similar to the existing Intune Mobile Application Management (MAM) onboarding processes, ensuring extra protection for your corporate data without added friction. Through this collaboration with Microsoft, Samsung is facilitating the transition to a fully Zero Trust environment for enterprises of all sizes and industries.
Table of contents:
- Samsung Knox On-Device Attestation for Intune: a quick refresher
- What’s new
- Elevate your security posture: Try Samsung Knox On-Device Attestation today
Samsung Knox On-Device Attestation for Intune: a quick refresher
Samsung Knox On-Device attestation is a powerful security solution that leverages hardware-backed technology to verify the integrity of Samsung devices accessing work apps. The solution is available across all ownership models — corporate-owned or personal “bring your own device” (BYOD) — and supports both Mobile Device Management (MDM) and Mobile Application Management (MAM) scenarios, regardless of enrollment type.
By combining Samsung’s Knox security platform with Microsoft Intune’s mobile app management capabilities, this solution ensures that only trusted devices can access sensitive corporate data, adhering to Zero Trust security principles. This attestation process provides IT administrators with the assurance that devices meet the strictest security standards, adding another layer of protection against threats like rooting or unauthorized firmware modifications.
What’s new
This new update simplifies workflows for IT administrators and end-users, providing greater confidence in the security of organizational data within Intune MAM-protected applications on Samsung devices. Here’s what’s new:
- No extra steps for new policies: The On-Device Attestation solution is now part of the default settings for all new Android Intune App Protection Policies, as shown in the image below. This makes it easy for IT administrators to deploy the policy and enforce attestation without any extra steps. The solution only targets supported Samsung devices and is not applicable to other Android devices.
- Easy update for existing policies: Existing Intune policies won’t change automatically. However, Intune administrators can easily adjust existing Android policies with a single setting to enable attestation, without the added complexity of assignment filters or separate policies for Samsung devices.
- No end user actions required during enrollment: End users of supported Samsung devices1 now enjoy a seamless Intune MAM onboarding experience when Samsung Knox attestation is required, with no additional interruptions, or requirements to accept IT, legal, or compliance terms and conditions before enabling the feature.
Microsoft Intune Admin Center showing the Samsung Knox On-Device Attestation as a default setting for new Android App Protection policies. Actual UI may vary.
Elevate your security posture: Try Samsung Knox On-Device Attestation today
There’s no better time to strengthen the security posture of your enterprise device fleet and experience the benefits of this hardware-backed solution. Try it today!
If you’re new to Knox, you can redeem a 90-day trial to experience the power of Knox for free!
1 Select Samsung Galaxy smartphones and tablets, including “Secured by Knox” devices, with Android 15 OS or later.
