Samsung KNOX

Products Overview

Doc v1.3
 What is Samsung Knox

I. Product Introduction
Samsung Knox as a “Mobile B2B Brand” (Stacked View)

Knox is Samsung’s mobile B2B brand with a series of security, manageability and productivity solutions built
on top of the Knox Platform for Enterprise.

Cloud Services

Knox Knox Mobile Knox Samsung

Configure Enrollment Manage E-FOTA
• Frictionless device setup, • Bulk EMM enrollment • Cloud-based EMM • Device OS version control
out-of-the-box • Automated/enforced enrollment • Device/app management • Scheduled/enforced update
• Bulk device configuration

On-device Security

Knox Platform for Enterprise

Knox Workspace container including
• Multi-layered platform built into software and hardware Management Framework Knox
• Constant verification of the integrity of device SE for Android
Workspace
• Robust data protection & key storage container
TrustZone-based Integrity Measurement Architecture
• Advanced VPN, APN, firewall management
Hardware Root of Trust

3
Samsung Knox as an “Enterprise Mobility Solution” (IT Journey View)

Samsung Knox offers a comprehensive enterprise mobility solution portfolio for IT admin to address a variety of
business needs through the entire device life cycle for business.

CONFIGURE ENROLL MANAGE SECURE MAINTAIN

DEPLOYMENT & PRODUCTIVITY SECURITY & MANAGEABILITY

4
 What is Knox Platform for Enterprise (KPE)?

I. Product Introduction
What is KNOX Platform?

Knox Platform: highest standards of mobile security

Samsung has built the Knox platform to ensure corporate data on the device are
protected and managed at all time: Powered-off  Boot-up  Runtime

Powered-off Boot-up Runtime

3D0D
“AB1
0%239
BE8*E
Z991P
D9SQE
DA‘1M
AP

Hardware-based Boot-time Real-time

Key Store Inspection Protection

Device storage encryption by default

with keys stored in TrustZone
Kernel is monitored real-time, and any
attempt to modify the kernel is blocked
Verification of Samsung genuine immediately
and uncompromised software and its version

TrustZone : Completely isolated space on the chipset

as the hardware-rooted trusted environment
to ensure the security and integrity
The Next Level Security Platform for Everyone
Knox Platform for Enterprise is a defense-grade mobile platform built from the hardware up for every Samsung
device user, either consumer or enterprise.

ATTACKER

Threat One security hole could be Solution Knox Platform for Enterprise safeguards

 all they need to take

full control over the device  your corporate data in all areas where
there is any risk of being compromised

7
Market-proven Product in Every Aspect
Knox Platform for Enterprise has been widely used in the market throughout the world since 2013 and will continue to
evolve to be an even more complete and mature solution.

Activated on Purchased by customers Used on secure government

50M+ devices in 80+ countries networks worldwide
Highly optimized
Supported/used by 1000+ APIs for for Samsung devices
full device management
1000+ solution partners
Government certified
Fully harmonized
with Android Enterprise
Since 2013 in 30+ countries*

More differentiated “Strong” ratings in 25 of 28 categories

Sold via in 2017 by Gartner mobile security report
and more flexible
200+ resellers
over the word End-to-end technical support
from hardware to solution

8
* Including Common Criteria members
Samsung KNOX Achievement and Certifications

Trusted by experts and government bodies

In addition to multiple government certifications, Samsung Knox has received outstanding
ratings by Gartner in its mobile security platform comparisons for the past three years

Most “Strong” Ratings

of Any Mobile Security Platform by
Mobile Device Security : A Comparison of Platforms
2015, 2016, and 2017

Meets stringent government security standards worldwide including MDFPP of NIAP

What is Samsung KNOX?

Supported by major EMMs in the market

To enable Knox Platform for Enterprise features, you don’t need to use any additional console.
Use your existing EMM to trigger and manage Samsung’s differentiated security and management features

…
Complete Security/Management Solution for Enterprise Device
Knox Platform for Enterprise provides a set of advanced/unique security management features for enterprise
customers and partners which require higher security standards.

Knox Platform for Enterprise (KPE)

1. Hardware-backed Trusted 4. Granular Device

Environment Monitoring & Control

2. Robust Data Protection 5. Versatile Credential &

Certificate Management

3. Comprehensive 6. Certified & Trusted by Experts

Device Management and Government Bodies

KPE features are

manageable via Partner
Knox cloud services Solutions
Cloud Services and partner solutions* (EMM/VPN/etc.)
11
* Both on-premise/cloud
 ProductOverview
Ⅰ. Product
Ⅰ. Overview

What is Knox Configure?

Cloud-based service that allows businesses to remotely configure
a large number of Samsung devices and tailor them to specific business needs

Frictionless Purpose-Built
Out-of-the-Box Setup Appliance

Rebranded Advanced Device

Software Over-the-Air Configuration for Bulk Devices Configuration
05
III. Device Eligibility & Verification

Minimum Device Requirement

Samsung ‘Galaxy’ devices Samsung ‘Gear’ smartwatches

With Android Nougat (7.0) or above With Tizen Wearable 3.0 or above

(Knox 2.7.1+) (Knox 2.2)

15
III. Device Eligibility & Verification

Device Ownership Verification

Type 1 Type 2

Bulk Device ID Upload NFC/Bluetooth Connection

• By Reseller • By IT Admin
- Devices must be purchased from Knox - Device ownership can be immediately
Deployment Program(KDP)-participating verified
resellers
- Using Knox Deployment App
- Only the participating resellers can
- Designed for a small number of devices
upload device IDs
(e.g. test devices)
- Designed for a large number of
commercial devices

16
I . Product Overview

What is Knox Manage?

Cloud-based EMM solution that allows IT admins to set up, manage and monitor
devices remotely to increase business efficiency and secure corporate data

· All major platforms supported

· The fastest time-to-market of new features for Samsung devices
17
 Key Advantages of
Knox Manage

Quick and Easy Deployment Robust Management Comprehensive Controls

I . Product Overview

Knox Mobile Enrollment

Controlling corporate devices is made easy

Enrolling devices to Knox Manage Service

Traditional

IT registers device IT sends EMM User downloads &

User logs in Device is enrolled
(phone numbers, email…) installation link installs EMM

VS
Knox Mobile Enrollment

Automatic Bulk Enrollment

Turn on & Connect to network (Wi-Fi/4G/LTE)
IT registers device EMM is automatically installed & logged in with user credentials Device is enrolled
(IMEI, S/N…)

19
III . Device Eligibility & Verification

Device Minimum Requirement

Multi-OS Support*

For Knox Manage For Knox Mobile Enrollment

• Samsung Galaxy devices with Knox Platform v2.4 or above

• Android - Kitkat (v4.4 or above)
(= Android Kitkat or above)

• iOS - 8 or above

• Windows 10 - All edition

Models from 2015 to the Latest Ones

20
* Available features may vary depending on the platform versions
Ⅳ . Appendix

Feature list by OS
Samsung
Category Features Android iOS Windows
Android
KME (Knox Mobile Enrollment) ●

Device Connectivity setup (Wi-Fi, VPN, Certificate, Exchange) ● ● ●

Setting Email account setting ●
Application push ● ◐ ●
Application black/whitelist settings ● ◐ ● ●
Allow App store ● ●
Interface control (Wi-Fi, Bluetooth, Microphone force on/off) ● ◐ ◐ ◐
Functional restrictions (Camera, Screen capture, External SD card, etc.) ● ◐ ◐ ◐
Block factory reset ● ● ●

Device Allow voice call ● ●

management Incoming/Outgoing SMS/MMS restrictions ●
Data usage restrictions ●
Force GPS on/off ●
Kiosk setting (Single/Multi app kiosk) ●
E-FOTA* ●*
Knox Workspace* ●*
Remote device lock/wipe ● ● ● ●

Device Location tracking ● ● ● ●

monitoring Reset device password ● ● ●
Remote device support ●
* Additional license purchase required : Full support : Partial support

21
III . Device Eligibility & Verification
Device Enrollment Types
Type 1
Download Invitation
• By Employees
- IT admins will send SMS/email invitation
to download agent to end users
- EMM agent is installed from public
online app stores
- Device ownership will be verified as
employees put log in credentials
Type 2
Bulk Upload
• By Reseller
- Eligible for Samsung devices with Knox
Android platform v2.4.0 or above
- Only the Knox Deployment Program
(KDP) participating resellers can upload
device IDs in Knox Mobile Enrollment
- Designed for a large number of
commercial devices
Type 3
Device Tagging
• By IT Admin
- Device ownership can be immediately
verified by NFC/Bluetooth tagging
- Using Knox Deployment App
- Designed for a small number of test
devices or occasional A/S devices
22
A new way to control OS version for B2B customers

May 2018
Mobile OS version Control at your Fingertip

Samsung Enterprise FOTA helps

IT admins

to control OS version
on Samsung mobile devices
for cost efficient
enterprise mobility platform

24
Business Benefits Overview

The Samsung Enterprise FOTA service delivers optimal benefits for B2B customers

E-FOTA

Enhanced Security IT Stability

‧ Ensure latest security patches are consistently ‧ Update OS not to latest but to qualified version
deployed across enterprise even without user to stay on your choice to maximize IT efficiency
interaction

IT Cost Saving
Business Continuity
‧ Make sure all business devices are running
‧ Schedule update date and time via flexible
same OS version which makes IT
policy to avoid business interruption
management much easier

25
Samsung E-FOTA Offering

E-FOTA On MDM E-FOTA Advanced (Cloud) E-FOTA Advanced (On-Premise)

Server
Request Request E-FOTA
MDM Cloud
1st time Only Provide
Provide Server Server
Provide Request OS Delta binary
Server Version List OS Delta binary (From server / via Email)
Server
Deploy Set Set
Policy Policy Policy Console

Execute Console
Execute Set Policy IT
Console Admin
E-FOTA
On-Premise Server

IT Admin
IT
Admin Execute
/

26
Ⅰ. Product Overview

What is Knox Guard?

Cloud-based service that allows carriers/banks to remotely control and
lock Samsung devices to reduce financial risks while running installment plans

Mandatory Message Enforced Device

Notifications Tracking

Over-the-air Remote Device Control for Devices with Installment Plans Streamlined
Device-use Restriction Operation UX

“ Reduced Financial Risks Larger Consumer Base ”

05
Ⅰ. Product Overview
Knox Guard
Unique Selling Points

Billing server

Mandatory Notification Message
- Customizable notification message
- Real-time delivery
- Mandatory exposure to the message
Blink Reminder
- Flexible reminder frequency
Device Screen Lock
- Restrict USB/Tethering/BT/Odin/etc.
Location Tracking (Coming on Oct.31) Streamlined Operation UX
- Only in countries with no legal issue
- for locked devices only
06
Ⅲ. Device Eligibility & Verification

Device Eligibility

Technical Requirements Device Ownership Verification

Type 1 Type 2

By Device Reseller By IT Admin

(Bulk Device ID Upload) (NFC/Bluetooth Connection)

· Devices must be purchased from · Devices can also be verified

Samsung Galaxy Knox Deployment Program- using Knox Deployment App
(smartphones/tablets) participating resellers in real time
With Knox Android Platform v2.7.1+ · Designed for a large number of · Designed for a small number of
(=Android Nougat OS) or greater commercial devices devices (e.g., test devices)

13
END OF DOCUMENT