February 19, 2018

Android Enterprise and Samsung Knox: Your questions answered here

Samsung Knox News

As of Android Oreo, IT admins can seamlessly update from Android Enterprise management features to the more robust Samsung Knox solutions. Here are some common questions that the Samsung Support team has received about this new workflow:


Q: How do I update from Android Enterprise management features to Samsung Knox?

A: This upgrade path allows IT admins to manage Android Enterprise with Knox policies by activating a Samsung Knox license. Enterprises can now take advantage of both Android Enterprise and Samsung Knox features instead of choosing between the two solutions.


Q: Why are Google and Samsung providing this upgrade path?

A: The two separate solutions, Samsung Knox and Android Enterprise, presented challenges:

  • Enterprises had to evaluate two similar solutions on Android.
  • Enterprises were finding it difficult to differentiate between the features of the two solutions.
  • Enterprises had to delete and replace in order to switch from one solution to the other solution.

To resolve these major customer pain points Samsung and Google worked together to create an upgrade path from Android Enterprise to Samsung Knox.


Q: Is this solution unique to Samsung?

A: Samsung Knox devices include hardware-backed security features. These features may not be available on non-Samsung devices.


Q: Will licensing and pricing options for Knox Platform for Enterprise change?

A: As of now, nothing is changing for Samsung Knox. Pricing and licensing will continue to be as-is until further notice.


Q: What are some benefits of using Android Enterprise on a Samsung device?

A: Samsung devices provide additional security features:

  • Knox Trusted Boot provides additional protections to the device beyond Android Secure Boot
  • Knox Real Time Kernel Protection monitors the device kernel during runtime and prevents tampering of the kernel
  • Knox TIMA mechanisms confirm that the device is in a trusted state
  • A compromised device will not allow Knox Work Profile or Knox Platform for Enterprise to run
  • Enhanced encryption
  • Hardware-based KeyStore


Q: What happens to current customers using Android Enterprise?

A: Any existing implementation of Android Enterprise will continue to operate as before.


Q: Will Knox Premium support this upgrade path?

A: Yes, you can use Knox SDS IAM & EMM to create Android Enterprise and then activate Knox license to take advantage of Knox features along with Android features on the same device.


Q: How can I upgrade from Android Work Profile to Knox Platform for Enterprise?

A: IT admins can activate a Knox license to upgrade an Android Work Profile to Knox Platform for Enterprise. After activating a license, IT admins will be able to deploy both Android and Knox policies.


Q: Which devices support this upgrade path?

A: As long as the Galaxy phone is on Android O, the device supports the upgrade path. Also, once a device with Knox 2.6 or above updates to 3.0, the upgrade path will be available on that device.


Q: How can IT admins benefit from this upgrade path?

A: This upgrade path allows IT admins to manage a single solution with features from both Android and Knox while taking advantage of Samsung Knox security features.


Next steps


IT admins

The Knox Admin Guide

End users

The Knox User Guide


Samsung Knox and Android Enterprise