
Samsung KNOX

Samsung KNOX is a platform available for compatible Samsung Android devices that can be used to enhance device security when combined with a Mobile Device Management (MDM) platform, such as Systems Manager Enterprise. This article discusses the features available in Systems Manager Enterprise as part of this platform.

Note: While profiles containing Samsung KNOX settings can be applied to any device, they will only be effective on compatible Samsung devices.
  

Systems Manager Security Policies can also be used to control deployment of profiles to devices based on their compliance status.

Kiosk Mode

Kiosk mode can be used to force a device to always run a single app full screen, with no access to other apps, device settings, etc. This is ideal for point-of-sale (POS) terminals, interactive displays, or similar applications. 

 

To configure:

 

  1. Navigate to MDM > Settings.
  2. Select the desired Profile, or create a new one.
  3. Go to the Samsung Knox tab.
    Note: If licensed for Systems Manager Enterprise and this tab doesn't appear, contact Cisco Meraki Support to have it enabled.
  4. Click the checkbox next to Enable Kiosk Mode.
  5. Select the desired managed Application from the list. Only managed apps can be used, and they must first be added on the MDM > Apps page.
  6. Click Save Changes.

To use the profile, ensure that both it and the desired app have been applied to the device. Read the article on Pushing apps and profiles to devices for more information. Once the app and profile are installed, the device will run the app in full-screen mode whenever it is online.

App Whitelist and Blacklist

The blacklist functionality can be used to control which apps are allowed to be installed on devices. To enable:

 

  1. Navigate to MDM > Settings.
  2. Select the desired Profile, or create a new one.
  3. Go to the Samsung Knox tab.
    Note: If licensed for Systems Manager Enterprise and this tab doesn't appear, contact Cisco Meraki Support to have it enabled.
  4. Click the checkbox to Enable App Whitelist/Blacklist.
  5. Configure as desired, based on the options discussed below.
  6. Click Save Changes.

Note: Managed apps (MDM > Apps) are NOT exempt from these restrictions. Managed apps will fail to deploy if blacklisted. Ensure these apps are either not blacklisted, or covered in the whitelist.

App Blacklist

The App Blacklist is used to indicate any apps (or patterns) that users are not allowed to install on the device. Each app is listed by its package name (e.g. "com.meraki.sm" for the Systems Manager app), and wildcards can be used to blacklist groups of apps (e.g. "com.meraki.*" would block all Meraki apps).

 

Apps can easily be added by using the Select apps bar to search by display name, and then clicking the icon to add the app to the list.

 

Apps can also be manually entered by typing the desired package name, or pattern, in the textbox. Once the desired pattern has been entered, click Add option.

Once the packages are added, they'll appear as individual bubbles in the field. To remove a package, click the X.

After the profile is pushed to the device, any user attempting to install apps that violate the blacklist will receive a message similar to the one shown below.

App Whitelist

The App Whitelist is used to indicate any apps that should be explicitly allowed, overriding the blacklist. Package names are entered in the same way as blacklisted apps above. 

Apps that were installed prior to the whitelist being created will remain on the device. Only future app installations will be subject to the whitelist.

Permissions Blacklist

The permissions blacklist will not allow users to install apps that require any of the permissions selected. Information about what is provided by each of these permissions is available in the Android Developer Documentation.

 

As an example, the ability to send or receive text messages (SMS/MMS) over cellular could be blocked by selecting the following permissions.

Overriding Blacklists with Whitelist Profiles

Blacklist and whitelist settings will be combined across profiles on a device, with whitelist settings taking priority. Thus, a general profile could be deployed to all devices with more restrictive settings, and then more apps allowed through a second profile with whitelist options.
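The precedence rules above can be checked before a profile is pushed. The following is an added example, not Cisco Meraki or Samsung code: it models the documented behavior (lists combined across profiles, whitelist overriding blacklist) to find managed apps that would fail to deploy. The profile dictionaries, package names, and the treatment of "*" as the only wildcard (in both lists) are assumptions, and the permissions blacklist is not modeled.

```python
import re


def _matches(pattern, package):
    # Assumption: "*" is the only wildcard and matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, package) is not None


def effective_lists(profiles):
    """Combine blacklist and whitelist entries from every profile on a device."""
    blacklist, whitelist = [], []
    for profile in profiles:
        blacklist.extend(profile.get("blacklist", []))
        whitelist.extend(profile.get("whitelist", []))
    return blacklist, whitelist


def install_decision(package, profiles):
    """Return (allowed, reason); whitelist entries take priority over blacklist."""
    blacklist, whitelist = effective_lists(profiles)
    for pattern in whitelist:
        if _matches(pattern, package):
            return True, f"whitelisted by {pattern}"
    for pattern in blacklist:
        if _matches(pattern, package):
            return False, f"blacklisted by {pattern}"
    return True, "no matching entry"


def blocked_managed_apps(managed_apps, profiles):
    """Managed apps are not exempt: list those the combined policy would block."""
    return [pkg for pkg in managed_apps if not install_decision(pkg, profiles)[0]]


# Constructed sample data (hypothetical profiles and package names).
PROFILES = [
    {"name": "all-devices", "blacklist": ["com.example.*", "com.social.chat"]},
    {"name": "pos-terminals", "whitelist": ["com.example.pos"]},
]
MANAGED_APPS = ["com.meraki.sm", "com.example.pos", "com.example.inventory"]

if __name__ == "__main__":
    for pkg in MANAGED_APPS:
        print(pkg, install_decision(pkg, PROFILES))
    print("would fail to deploy:", blocked_managed_apps(MANAGED_APPS, PROFILES))
```

Any package reported by blocked_managed_apps needs a whitelist entry, or a narrower blacklist pattern, before the app is deployed.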

Last modified
10:45, 27 Jul 2017


Article ID

ID: 1225
