Samsung devices running Android version 9.0 and above will now support Google’s Android zero-touch enrollment as published in Google’s blog. Both Knox Mobile Enrollment (KME) and Android zero-touch are automated enrollment tools which alleviate the mundane manual configuration steps that once existed within an IT helpdesk.
There are, however, some unique KME features IT administrators should be aware of when deciding which enrollment solution to use with Samsung devices.
What is Knox Mobile Enrollment?
Samsung Knox Mobile Enrollment (KME) is a cloud-based solution that allows IT administrators to enroll Samsung devices into their Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) services during the initial device setup process. KME acts as a central hub for your mobile device fleet. It keeps an inventory of your company’s assets while taking the workload off IT administrators and end users by simplifying device enrollment into your chosen MDM or EMM solution. A full list of supported devices can be found here.
Once an IT administrator has created and assigned a KME profile, devices can be sent directly from procurement teams to end users, skipping the costly and time-consuming configuration steps and creating a simple out-of-box enrollment experience. From the beginning of a device lifecycle, this automation process creates an enrollment flow which makes sure your company’s devices are always compliant with your corporate IT policies.
What does Knox Mobile Enrollment offer that other solutions don’t?
Feature |
1. Hybrid enrollment option with MDM/EMM agents hosted locally. |
2. User credentials pass-through by IT administrator. |
3. Support for public root/intermediate certificate installation during enrollment. |
4. Non-randomized MAC address configuration for corporate network firewall configuration. |
5. Knox DualDAR setup support. |
6. Reliable device verification process of the Knox Deployment Program, backed by Samsung’s secure supply chain management. |
7. Flexible device registration including Knox Deployment application and QR code. |
8. End-to-end technical support by Samsung for both devices and cloud solutions. |
9. Seamless customer care support at Samsung’s authorized service centers for the devices enrolled in Knox cloud solutions. |
10. Common IT admin identity and unified device enrollment process with other Knox solutions. |
Hybrid enrollment option with MDM/EMM agents hosted locally
Traditionally, an MDM or EMM will publish their management agent on their website or in the Google Play Store, which devices can then download over the public internet. Depending on how fast your connection is, this can be a time-consuming process, or depending on how security-sensitive your organization is, this can be deemed a potential security threat. For enhanced security and to speed up the enrollment process, KME allows you to enroll devices into MDM/EMM services with their agents hosted locally within your internal network. Learn more about profile configuration.
User credentials pass-through by IT administrator
IT administrators can take automation to the next level by making use of KME’s end user credential pass-through feature, which allows IT administrators to pre-configure user credentials for devices, further reducing the number of enrollment steps on the device.
Support for public root/intermediate certificate installation during enrollment
On top of role-based access control and activity logs, during the enrollment process administrators have the ability to automatically install root/intermediate certificates for more secure MDM/EMM enrollment.
Non-randomized MAC address configuration for corporate network firewall configuration
Organizations that use MAC address filtering for their network firewalls will also easily be able to export a list of device MAC addresses from the console using KME’s device export feature and enable the device to use non-randomized MAC address during initial setup by default.
Knox DualDAR setup support
DualDAR (Dual-layered Data-At-Rest encryption) architecture can be enabled which provides multiple layers of encryption. Learn more about DualDAR architecture.
Reliable device verification process of the Knox Deployment Program, backed by Samsung’s secure supply chain management
Devices can be added to Knox Mobile Enrollment through the Knox Deployment Program (KDP), which enables participating Samsung device resellers to verify corporate device ownership by adding device IDs for their customers via a secure web console and/or server APIs.
Flexible device registration including Knox Deployment application and QR code
Devices can also be added directly by IT administrators by using Samsung’s Knox Deployment application (KDA) which is publically available on the Google Play Store, found here, or QR codes. These two options are particularly useful when adding already-purchased devices that have not been previously verified as belonging to a KME customer, corporate devices not bought through a KDP-participating reseller, or devices that need to be staged and prepared prior to being handed over to end users.
Common IT admin identity and unified device enrollment process with other Knox solutions
Once devices are added into your KME console, this will unify device availability across other Samsung Knox solutions such a Knox E-FOTA (OS version control, Learn more about Knox E-FOTA) and Knox Configure (Device customization, Learn more about Knox Configure) allowing you to get started with these management solutions without additional steps.
Samsung and Google will continue to work together to offer more choices and the best experiences for our mutual customers. At the same time, Samsung will continue to evolve KME as a comprehensive and advanced enrollment tool so that customers can enjoy the full benefits of Samsung devices and Knox features/services.
Try Knox Mobile Enrollment for free
Apply for free access to the Knox Mobile Enrollment dashboard at samsungknox.com/kme.