Important enrollment switches for Samsung KNOX with Android Enterprise (VMware Workspace ONE UEM)

Workspace ONE has a ton of features built specifically for Samsung: KNOX OEM Extensions (modern and legacy), KNOX Service Plugin support (OEMconfig), E-FOTA, KNOX Mobile Enrollment, Legacy containers etc etc. There are a few switches controlling the end result. Today I want to discuss a few ones, that pop up in my practice every few months: License Key and Enable Containers, and how they make (or break) your Android Enterprise Samsung deployment.


Impress your users with an animated logon page in VMware Identity Manager!

Friday is here! First, credit goes to where credit is due – to my UK colleagues. Subscribe to their Twitter and blog – they are useful, and they don’t spam nonsense!

Now, let’s figure out why it didn’t work for the first time…


Is Mobile in your comfort zone?

A colleague of mine shared this post on LinkedIn, about his recent mobile work experience. Conceptually, nothing in that post was really new – we could do the same 10+ years ago. So why are we still hearing then “I’ll get this info to you when I get to the office” or similar replies?

My guess is that it’s not just about you being able to do it, but also, how you feel about it. How many times have you thought “Yeah, I *could* do this now, but it’s so darn tedious. Better wait until I get to the office/home/hotel” ?

Truth is, most people don’t want to leave their comfort zone. But what happens to the investment in mobility tech, if it doesn’t extend that comfort zone into the mobile environment? If I can read my emails on the phone, but acting on most of them requires getting to the laptop, starting VPN, signing into apps several times and being generally stationary for a while?

 - Dilbert by Scott Adams

There are of course mobile apps and services with great user experiece, and there are platform UX guidelines for Android, iOS, Windows etc. But I guess having one great app won’t help.

Thus, I think, it’s not just about mobility per se, but rather a seamless and comfortable user experience across most apps and devices. Would you agree? You can invest into MDM, IAM, SSO, MTD and other TLAs all you want, but if they don’t extend the user’s comfort zone, the best you will get is security, compliance and mildly annoyed users that are still thinking that work can wait.

If you do agree with the above, you may want to check out the short videos below. They are part of a larger playlist dedicated to employee experience. Even though they are cheery marketing videos, they show the actual user experience and workflows.

If you want less cheery and more technical info, check out this article on Intelligent Hub Services APIs and Mobile Flows at

And if you are visiting VMworld 2019, you may be interested in this session:

Whatโ€™s New: Revolutionize Employee Productivity with Mobile Flows and Intelligent Hub [DEE2301BU]

If you don’t agree with the above (even after viewing the videos below) – could you please write why? Happy viewing!

Workspace ONE Mobile Flows
Workspace ONE Mobile Flows
Get your Employees Productive from Day 1

Future of NFC provisioning for Android (Beam deprecated in Q)?

I use NFC provisioning a lot when I work with Android Enterprise (especially, the Device owner scenarios).

Apps like AirWatch Relay or Knox Deployment make testing and playing e.a.s.y. – I don’t have to tap through the Startup Wizard, type in my 20+ char WLAN PSK, manually enroll the device etc. And I can have different profiles!

Well, boys and girls, bad news. Google has deprecated Android Beam – the technology used in those apps – in Android Q.

The good news is that reading NFC tags is still supported. So you can provision Android Q via an older phone (for now).

Or, with Android 9+ you can switch to QR code. But on Android 8 and older you’d need to type the PSK manually, since the device needs to download the QR reader library before it can read the barcode ๐Ÿ™‚

What are your thoughts? Are you using NFC provisioning? Leave a commend below!