Supported Knox MDM policies

SOTI MobiControl

LICENSE

ELM key and Knox license minimum length

ELM license activation

Enterprise billing

Enterprise billing: IPv6 support

Knox license activation/deactivation

Knox license reactivation

Knox license update without deleting container

Knox license validation error types return to IT admin

Multiple license key input

DEVICE APPLICATION MANAGEMENT

Allow application’s notifications

Allow Google Play

App lifecycle management: Install

App lifecycle management: Update

App lifecycle management: Uninstall

Prevent application uninstall by users

S-Pen “AirCommand” support for Knox

SPD update control

The list of installed applications

DEVICE SECURITY MANAGEMENT

Change AD password from device

Control run time permission for Android M

Device encryption with the option for fast encryption

Data Loss Prevention (DLP)

Gear unlock

Knox audit enhancements

Lost phone management - location tracking: Start/stop GPS

Lost phone management - location tracking: Allow power off

Lost phone management - lockout device/remove device lockout

Lost phone management - lockout device/remove device lockout: Allow firmware recovery

Lost phone management - lockout device/remove device lockout: Allow factory reset

Lost phone management - remote password change

Lost phone management - remote wipe (factory reset)

Lost phone management - SIM changing monitoring

Password quality configuration - password age

Security enhancements for Attestation

SD card encryption

UCM - Universal Credential Management

DEVICE USAGE RESTRICTIONS

Allow Bluetooth

Allow camera

Allow cellular data

Allow development mode

Allow incoming/outgoing SMS/MMS

Allow microphone

Allow mock location mode

Allow MTP

Allow NFC

Allow recording (video/audio)

Allow roaming

Allow S Voice

Allow screen capture

Allow SD card

Allow setting changes

Allow tethering

Allow USB debugging mode

Allow USB host storage

Allow Wi-Fi

Audit log

Browser cookies/auto-fill/JavaScript/pop-ups

CC mode

Certificate revocation check

Change date/time manually

Internal storage encryption

Location

Roaming control per app enterprise billing (device)

Set emergency call only

Unknown sources

DEVICE CONFIGURATION MANAGEMENT

Allow/disallow user change Wi-Fi setting

Allow/disallow FOTA upgrade

Email credential – prevent the account from user’s removal

Email credential – prohibit the email forwarding via other accounts

PAC support for HTTP proxy with VPN

VPN HTTP proxy authentication

Wi-Fi configuration policy

Wi-Fi credential policy

Wi-Fi DNS policy

Wi-Fi proxy policy

Wi-Fi SSID blacklist and whitelist

DEVICE TRAFFIC MANAGEMENT

Domain filtering

Firewall policy configuration

Proxy configuration

URL filtering configuration

DEVICE CONFIGURATION

Active Directory support

Application disable

Attestation policy

Bluetooth profile blacklist/whitelist

Browser proxy settings

Certificate management

Configure email account

Container firewall policy

Device firewall policy

Email account black/whitelist

Enable/disable TIMA KeyStore

Enterprise ISL

History of password

Installed application list

Knox Mobile Enrollment with NFC enrollment

Maximum character/numeric password

Maximum failed password for device

Maximum time to lock for password

Minimum upper/lowercase of password

Mobile enrollment

ODE Trusted Boot verification

Password complexity

Password visibility

Samsung theme store control (device level)

SSO policy

TIMA Client Certificate Manager (CCM)

VPN - Android legacy VPN allow/disallow

KNOX CONTAINER RESTRICTIONS

Account addition

CAC authentication inside container

Clipboard copy between containers

Google Play for Work inside Knox Workspace

Knox browser cookies, auto-fill, JavaScript, popup

Restrict the camera in Knox container

Secure keyboard

Share via list

KNOX CONTAINER CONFIGURATION

Allow specific applications to install applications into container

Blacklist for applications (within container)

Blacklist for email account

Blacklist/whitelist of Google account in the Knox container

Bluetooth in container

Browser web proxy

Container creation

Container lock or unlock

Container-only mode

Container removal

Container wipe

Copy app to Knox container

Email account configuration

Enable data sync between personal area and Knox container

Enable file moves between personal area and Knox container

Enable uninstall of applications

Enable/disable applications

Get list of installed applications

GMS apps support in Knox container

Install/uninstall applications

Knox password two factor authentication

Lightweight container

NFC in container

Notification sanitize

Password – maximum failed attempts before container wipe

Password – maximum time to lock

Password - minimum length

Password - minimum mutation on change

Password – password complexity

Password – password history

Password – password quality configuration (e.g. fingerprint)

Password – password reset and timeout

Password – password visibility

SSO – support Generic SSO

SSO – support Samsung SSO (Kerberos)

UMC/SEG

Unlock Knox container & device simultaneously

VPN - Always On connections

VPN - Autoreconnect on communication errors

VPN – certificate based authentication for IPSec VPN

VPN – certificate based authentication for SSL VPN

VPN - Chaining multiple tunnels

VPN - Cisco AnyConnect for Knox VPN client support

VPN - F5 VPN client support

VPN – Knox IPSec per-app VPN (device-wide & container)

VPN – Knox IPSec VPN (device-wide & container)

VPN – Knox SSL per-app VPN (device-wide & container)

VPN – Knox SSL VPN (device-wide & container)

VPN - Mocana VPN client support

VPN - NetMotion Mobility VPN client support

VPN - On-Demand connections

VPN - On-premise VPN support

VPN - OpenVPN

VPN - PulseSecure VPN client support

VPN - StrongSwan (built-in Android VPN client) support

VPN - UID/PID (Allow VPN clients to see which traffic maps to which app)

Whitelist for applications (within container)

Whitelist for email account

KIOSK MODE

Support kiosk mode

ADDITIONAL POLICIES FOR GOVERNMENT

Bluetooth device blacklist/whitelist

Certificate OCSP check

DoD banner

Enable CAC authentication for email/browser

KNOX 2.7 FEATURES

Domain filter block page

Enabling Android for Work APIs (for Knox admins)

Enforce DNS server

Google Play for Work (for device)

Knox Workspace: Deploy app shortcuts in personal home screen

Knox Workspace: Unlock using smart card

Selective FOTA service

Setting Iris authentication to access Knox

Setting PBA (Phone Book Access) profile support for Knox Workspace

TRY FOR FREE

Knox IT solutions are designed to work together to help you from deployment to daily use.

Knox Configure
Configure device settings in bulk
Learn more
Knox Mobile Enrollment
Enroll devices to an MDM in bulk
Learn more
Knox Manage
Manage devices in the cloud
Learn more
Knox Workspace
Secure company data in an encrypted container
Learn more
Samsung E-FOTA
Maintain device OS versions
Learn more