Important enrollment switches for Samsung KNOX with Android Enterprise (VMware Workspace ONE UEM)

Workspace ONE has a ton of features built specifically for Samsung: KNOX OEM Extensions (modern and legacy), KNOX Service Plugin support (OEMconfig), E-FOTA, KNOX Mobile Enrollment, Legacy containers etc etc. There are a few switches controlling the end result. Today I want to discuss a few ones, that pop up in my practice every few months: License Key and Enable Containers, and how they make (or break) your Android Enterprise Samsung deployment.

Why is that important

In older versions of Workspace ONE and KNOX, these switches were interdependent: you would enable containers and provide the KNOX license key. Now, however, they are separate, and if configured incorrectly, your Android Enterprise enrollment will be downgraded to Legacy.

How do I do it right?

Basically, Enable Containers always means two things:

  • You must provide a key
  • Your enrollment type will be Legacy (since they are Legacy Containers)

Here’s a small decision tree based on what Enrollment type you have:

  • Android Legacy Enrollment (DA)
    • Containers Enabled
      • License Key present = KNOX container and features activated
      • License Key absent = KNOX container won’t work (needs key)
    • Containers Disabled
      • License Key present = container is off, but other KNOX premium features activated
      • License Key absent = vanilla legacy Device Admin with free KNOX features
  • Android Enterprise Enrollment (DO/WP)
    • Containers Enabled
      • !!! BAD IDEA !!! KNOX Play for Work (Legacy Enrollment! + Managed Play Store inside the container if key is present)
    • Containers Disabled
      • License Key present = Android Enterprise with KNOX Workspace and Premium features
      • License Key absent = vanilla Android Enterprise

Here’s the same as a picture for your viewing pleasure (clickable)

Samsung KNOX Enrollment options

Summary

If you want AE to work on KNOX – do not enable containers in those Organizational Groups (remember, these settings are per OG)! Simple!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

<span>%d</span> bloggers like this: