Today

Knox Asset Intelligence for Microsoft Sentinel now generally available

Samsung Knox team

As mobile devices become increasingly integral to business operations, achieving comprehensive and continuous visibility into these devices is essential for implementing Zero Trust security within the enterprise.

At this year’s RSAC Conference, we announced the preview of Samsung Knox Asset Intelligence for Microsoft Sentinel, an industry-first mobile OEM-to-SOC integration that provides unprecedented visibility into mobile security threats from Samsung Knox mobile devices for Security Operations Centers (SOCs). 

Today, we are thrilled to announce that the Samsung Knox Asset Intelligence for Microsoft Sentinel solution is now generally available (GA) for all customers. This release follows an extensive preview program, during which the solution was thoroughly evaluated by leading enterprises for its security value to SOCs, and refined based on the feedback collected from users, including both Security and IT admins. 

Available on the Microsoft Azure Marketplace and Microsoft Sentinel Content Hub, this solution enables SOC teams to centralize and integrate mobile security telemetry into their detection and response workflows. It addresses the growing mobile security blind spot for SOCs and delivers visibility comparable to that of traditional endpoints, such as PCs and servers.

Organizations can now deploy this enterprise mobile security solution with full production support, transforming how they detect, investigate, and respond to mobile security threats such as privilege escalation, unauthorized peripheral access, and suspicious URL access, among others.

Workbook page in Microsoft Sentinel, based on custom Workbook template, providing centralized visibility into mobile security threats across the Samsung Knox device fleet.

 

 

Solution benefits and key enhancements

The general availability release of the Samsung Knox Asset Intelligence for Microsoft Sentinel solution empowers security teams with actionable insights to assess threat levels and respond swiftly.

Comprehensive, centralized mobile security visibility

With the integration of Samsung Knox mobile security telemetry directly into Microsoft Sentinel, SOC teams gain continuous visibility into mobile security threats across their enterprise fleet of Samsung Galaxy devices. This enables SOC teams to integrate and streamline their security workflows across mobile and traditional endpoints. 

Enhanced detection and response

This solution enables SOC teams to identify security threats, such as suspicious URLs and privilege escalations, from Samsung Knox mobile devices. It also helps with correlating these threats to provide a holistic view of the enterprise threat landscape. With access to over 65 security events, enterprise security teams can detect an increasing number of mobile security attacks and respond appropriately to address the attack surface. 

Leveraging Samsung mobile OEM visibility across the device stack and utilizing on-device machine learning (ML)-based detections, Knox Security Logs can help identify potential Indicators of Attack (IOA) or Indicators of Compromise (IOC). SOC teams can prioritize security events based on each event’s threat level and context, focusing their threat-response efforts on the most critical threats first. This approach ultimately minimizes both the time-to-detect and time-to-respond for each threat.

Working closely with our trusted security partners Avanade and BlueVoyant, we ensured that our solution complements and elevates existing security solutions, enabling value-added mobile security operations and threat detection capabilities tailored to Microsoft Sentinel customers.

Cost-effective and privacy-aware

The solution allows enterprises to customize security event logging based on their requirements, and defaults to only surfacing essential and high-value security events (such as IOAs and IOCs) as alerts. This approach enables organizations to optimize their data ingestion to avoid alert fatigue and cost overruns. The solution also applies privacy filters on-device, to ensure that sensitive data does not leave the device.

Incidents page in Microsoft Sentinel, based on custom Analytics Rule templates, for the SOC to triage, investigate, and respond to mobile security threats from Samsung Knox device fleet.

 

Early customer success

During the preview period, we collaborated with forward-thinking organizations to test and refine the solution. Their experiences validated the need to address mobile security blind spots in SOCs, and highlighted the real-world impact of combining Samsung Knox Asset Intelligence with Microsoft Sentinel.

In particular, the solution has garnered significant interest from the financial services sector, where mobile security is paramount. One major European bank that participated in our preview program shared their experience:

“The Knox Asset Intelligence integration with Microsoft Sentinel has fundamentally changed how we approach mobile security. For the first time, we have a comparable level of visibility into our mobile fleet as we do with our traditional endpoints. These new threat detection capabilities will help us identify and mitigate security incidents that would have gone unnoticed with our previous mobile management approach.”
— Chief Information Security Officer, European Banking Institution

 

With over 50,000 mobile devices across multiple branches, the bank is now preparing to deploy the solution into production following successful pilot testing.

Another early adopter from the U.S. retail sector highlighted the operational benefits:

“We were impressed by the ease of deploying the solution. We quickly started receiving valuable security events from our mobile devices directly on our Microsoft Sentinel dashboards. The integration was smooth, allowing our SOC analysts to begin leveraging mobile security data without additional training.”
— Director of IT Operations, U.S. Retailer

 

These testimonials highlight the tangible benefits of the solution—ranging from enhanced threat detection to operational efficiency—for enterprises across diverse industries.

 

Looking ahead

The general availability of Samsung Knox Asset Intelligence for Microsoft Sentinel marks an exciting milestone in our journey toward strengthening enterprise security. Samsung and Microsoft are actively exploring new ways to expand and enhance this innovative integration, empowering SOCs to tackle emerging mobile device security challenges with confidence and efficiency.

Stay tuned for exciting updates and advancements as we continue to shape the future of enterprise security in a mobile-first world.

 

Elevate your security posture today

The Knox Asset Intelligence for Microsoft Sentinel solution is already available through the Microsoft Sentinel Content Hub and Azure Marketplace, making deployment straightforward for organizations already using Microsoft Sentinel. This solution supports Samsung Galaxy devices running Android 15 or higher, configured as fully managed devices, or devices with a work profile.

There’s no better time to strengthen the security posture of your enterprise device fleet and experience the benefits of this new solution. Learn more about the solution here and through this short video.

If you’re new to Samsung Knox, you can redeem a 90-day Knox Suite trial to experience its full capabilities for free!
