Miradore is compatible with Samsung Knox Mobile Enrollment, which provides IT administrators a streamlined way to enroll Samsung devices in an MDM/EMM solution without having to manually enroll and configure each device. Samsung Knox Mobile Enrollment can be used to enroll devices in Fully managed and Fully managed with work profile modes.
Knox Mobile Enrollment is primarily used for enrolling devices purchased from an official reseller. However, Samsung also offers the possibility of adding devices that were not purchased from a Knox Mobile Enrollment-capable reseller to the program.
For modern Samsung devices, zero-touch enrollment is also available.
Benefits of using Samsung Knox Mobile Enrollment
Using Knox Mobile Enrollment has the following benefits:
- Simplified initial setup and enrollment of Samsung devices, especially when a company requires bulk device enrollment with little configuration variance amongst the devices deployed.
- Easy device enrollment for device users because they're not required to do anything. Once they receive the device and power it on, the device automatically configures itself according to the settings provisioned by the enterprise via Miradore.
- Devices cannot be tampered with. Even if a device enrolled through Knox Mobile Enrollment is factory reset, the Miradore client will be re-installed once the device is powered on and connected to a wireless network again.
Requirements for Knox Mobile Enrollment
To be eligible for Samsung Knox Mobile Enrollment, ensure the following:
- The Knox Configure portal is available in your country
- You have registered for a Samsung Knox Portal account
- You have created a Samsung Account
- Your devices support Samsung Knox
Samsung Knox Mobile Enrollment feature availability on different Knox versions
| Feature | Knox version |
|---|---|
| Knox Mobile Enrollment via NFC | 2.4 or later |
| Out-of-box enrollment via Wi-Fi | 2.4 or later |
| Out-of-box enrollment via cellular data | 2.6 or later |
| Factory reset protection | 2.7.1 or later |
| Bypassing Skip Setup Wizard | 2.7.1 or later |
| Knox Configure and Knox Mobile Enrollment same device compatibility | 2.8 or later |
| Knox Mobile Enrollment with Device Owner mode support | 2.8 or later |
For detailed information on using Knox Mobile Enrollment, see Samsung's admin guide.
Connect Samsung Knox Mobile Enrollment with Miradore
To connect Knox Mobile Enrollment with your Miradore site, do the following:
-
- In Miradore, navigate to Enrollment > Android Enterprise.
- Select Actions > Download Knox Mobile Enrollment configuration at the top of the page to download the JSON template needed to create an MDM profile in the Samsung Knox Enrollment portal.
- Sign in to your Samsung account.
- Select MDM Profiles, then select Create profile.
Creating an MDM profile in the Samsung Knox Mobile Enrollment portal - Select Android Enterprise.
- Enter the following information:
- Profile name: Enter a name for the profile. This can be, for example, the name of the organization whose devices are managed.
- MDM information: Select Force Device Owner enrollment.
- Pick your MDM: Select Miradore.
Android Enterprise profile details Note: Do not modify the MDM Agent APK and MDM Server URI fields.
- Select Continue.
- Define the Android Enterprise profile settings as follows:
- Custom JSON Data (as defined by MDM): Open the JSON file you downloaded from Miradore in a text editor of your choice, then copy its contents into this field.
- System applications:
- Disable all system applications: Select this checkbox to disable all system applications, making them unavailable within the Device Owner mode profile.
- Leave all system apps enabled: Select this checkbox to ensure all pre-installed system apps are enabled and available within the Device Owner mode profile. If this option is not selected, only a limited set of default system apps (My Files, Contacts, Google Play) are displayed in the device's apps tray. Systems apps reside within the device's read-only
/system/appfolder and cannot be installed or removed by the device user.
- Company name: Your organization's name. This name will be shown to device users at the time of device enrollment.
Android enterprise profile settings
Important: In order to avoid errors, ensure that Dual DAR is not enabled.
- Assign the profile to your devices from the Devices menu.
Devices in the Knox Mobile Enrollment portal
Results: The MDM profile is assigned to the selected devices, which are ready for enrollment.
Note: The MDM profile can be automatically assigned to devices bought from selected resellers through the Resellers menu of the Knox Mobile Enrollment portal. This feature is especially useful if you want to enroll multiple devices purchased from specific resellers to the same Miradore site.
Enrolling the devices
After assigning the MDM profile to a device, the enrollment process can be started by turning on the device and following the steps of the setup wizard. For a successful enrollment process, ensure the following:
- If the device was previously used, it must be factory reset before it can be enrolled.
- The device must have access to the internet via Wi-Fi or an unlocked SIM card with available mobile data.
Adding devices not purchased from a reseller to the Knox Mobile Enrollment program
Samsung allows companies to add their devices to the program even if the device was not purchased from a Knox Mobile Enrollment-capable reseller, so that these devices can also benefit from zero-touch enrollment, locking the device to a company account, and forced enrollment.
To add such devices to the Knox Mobile Enrollment program, use a Knox Mobile Enrollment profile with a QR code. This way, when the device is registered in the Knox Mobile Enrollment program, it gets enrolled in Miradore at the same time. For detailed information and instructions, see Samsung's documentation.
Previous Article:
« Enrolling Android devices without a camera or Google services
Next Article:
Android Zero-touch enrollment with Miradore »