Knox Platform for Enterprise Knox Platform for Enterprise

Knox Platform for Enterprise container security

Go above and beyond the foundational Knox security that’s built into Samsung device hardware with the Knox Platform for Enterprise container security solution. Built for advanced configuration, management and control, it has been designed to meet the stringent security needs of government and regulated industries.

Knox Platform for Enterprise container security

Go above and beyond the foundational Knox security that’s built into Samsung device hardware with the Knox Platform for Enterprise container security solution. Built for advanced configuration, management and control, it has been designed to meet the stringent security needs of government and regulated industries.

Knox Platform for Enterprise is the updated Knox Workspace container security solution. It allows IT admins to access the full range of Knox platform features without creating an on-device container. Admins may still deploy the Knox Workspace managed container if they choose.

Knox Platform for Enterprise is the updated Knox Workspace container security solution. It allows IT admins to access the full range of Knox platform features without creating an on-device container. Admins may still deploy the Knox Workspace managed container if they choose.

Separate work from personal easily with a secure container

The keys for encrypting and decrypting the optional Knox Workspace container security solution are derived in the device chipset. Any apps, email or files stored in the secure container are encrypted and can only be accessed when the user enters their PIN, password, pattern or through biometric authentication. IT admins can use various container security tools to manage your enterprise mobile security.

The keys for encrypting and decrypting the optional Knox Workspace container security solution are derived in the device chipset. Any apps, email or files stored in the secure container are encrypted and can only be accessed when the user enters their PIN, password, pattern or through biometric authentication. IT admins can use various container security tools to manage your enterprise mobile security.

secure container
Remote lock
IT admins can remotely lock a device if they suspect tampering to protect confidential data from being accessed.
Permanent lock-down
If a device is ever compromised, the Knox Warranty Bit will fuse and the Knox Workspace secure container will permanently lock down to prevent data leakage.
Flexible unlock methods
The secure container can be unlocked using 2-step authentication or Microsoft Active Directory credentials.

Defense-grade container security

Protect corporate data on a device with government-certified data encryption technology. The Knox Platform for Enterprise container security solution leverages Samsung’s hardware and software integrated Knox security architecture, and adds advanced features to meet the stringent needs of most regulated industries.

Protect corporate data on a device with government-certified data encryption technology. The Knox Platform for Enterprise container security solution leverages Samsung’s hardware and software integrated Knox security architecture, and adds advanced features to meet the stringent needs of most regulated industries.

container security
Data encryption
Protect corporate data on a device with government-certified data encryption and password control.
Certificate storage
Manage mobile security across your fleet with hardware-based certificate storage and management.
Container security
Individual apps are isolated from other applications (SE for Android Management Service).

Logging and analytics

Knox Platform for Enterprise provides powerful container security tools to monitor end-user activities as well as data traffic usage. Government-certified auditing features help to ensure all device usage is under control.

Knox Platform for Enterprise provides powerful container security tools to monitor end-user activities as well as data traffic usage. Government-certified auditing features help to ensure all device usage is under control.

Audit log

Audit log

Collects comprehensive log events from the device, including container creation/deletion and app installation/removal.

network platform analytics

Network platform analytics

Monitors network activity patterns without inspecting the content of data packets.

device attestation

Attestation

Remotely checks if the device is rooted or running unauthorized firmware.

Audit log

Audit log

Collects comprehensive log events from the device, including container creation/deletion and app installation/removal.

network platform analytics

Network platform analytics

Monitors network activity patterns without inspecting the content of data packets.

device attestation

Attestation

Remotely checks if the device is rooted or running unauthorized firmware.

Robust VPN connectivity

Virtual private networks (VPNs) are a common way of transferring sensitive data in and out of a corporate network. The Knox Platform for Enterprise container security solution adds advanced features for granular VPN control and enforced configuration.

Virtual private networks (VPNs) are a common way of transferring sensitive data in and out of a corporate network. The Knox Platform for Enterprise container security solution adds advanced features for granular VPN control and enforced configuration.

App, container and device VPN

Per-app/container/device VPN

To configure the scope of the VPN connection.

On-demand VPN

On-demand VPN

For an optimal connection based on target application usage.

device attestation

HTTP Proxy over VPN

Allows web proxy settings to function while traffic is flowing over a VPN tunnel.

App, container and device VPN

Per-app/container/device VPN

To configure the scope of the VPN connection.

On-demand VPN

On-demand VPN

For an optimal connection based on target application usage.

device attestation

HTTP Proxy over VPN

Allows web proxy settings to function while traffic is flowing over a VPN tunnel.

Granular device control & management

Remotely manage a fleet of BYOD or corporate-liable devices and push corporate apps and security policies to them. Knox Platform for Enterprise features hundreds of IT policies with regular feature updates and integrates seamlessly with leading EMM solutions . In addition to the basic device, app, email, and network configurations, Knox Platform for Enterprise allows IT admins to configure advanced device controls.

Remotely manage a fleet of BYOD or corporate-liable devices and push corporate apps and security policies to them. Knox Platform for Enterprise features hundreds of IT policies with regular feature updates and integrates seamlessly with leading EMM solutions . In addition to the basic device, app, email, and network configurations, Knox Platform for Enterprise allows IT admins to configure advanced device controls.

Advanced controls

Certificate management

Installation and deletion with zero user interaction.

Dual APN settings

Dual APN settings

To assign a different Access Point Name (APN) for particular apps.

Workspace configurations

Workspace configurations

Restrict employees to work only in the Knox Workspace secure container.

Advanced controls

Certificate management

Installation and deletion with zero user interaction.

Dual APN settings

Dual APN settings

To assign a different Access Point Name (APN) for particular apps.

Workspace configurations

Workspace configurations

Restrict employees to work only in the Knox Workspace secure container.

Comparing Knox Platform for Enterprise and Android Enterprise

Explore the advantages offered by Samsung Knox devices and the Knox Platform for Enterprise standard and premium additions that go above and beyond the standard Android Enterprise security capabilities.

Explore the advantages offered by Samsung Knox devices and the Knox Platform for Enterprise standard and premium additions that go above and beyond the standard Android Enterprise security capabilities.

Additional container security features

  • Cloud or On-Premise
  • 1 Year
  • Devices with Knox v2.4 +
  • Yes
General
Type
License Type
Server Options
Launcher or Folder View Enables IT admins to choose the UI style of a container (folder and launcher style) at the time of container creation.
Container Unlock with AD Credentials Enables creation and unlock of Knox Workspace using an enterprise’s Microsoft Active Directory (AD) credentials.
Supported Devices
EMM Support
Security
Enable Iris Authentication to Access Knox Iris recognition is a key security enhancement of S8. We leverage this device feature for the Knox Workspace container as well. Iris recognition is more accurate and secure than fingerprint, so it will enhance the security level of Knox.
Permanent Container Lock If Warranty Bit of a device is fused, the container gets permanently locked to prevent any data leak.
Chamber Folder Creates a folder inside the Knox Workspace used to store user content at the strongest levels of data protection. Data files in the Chamber are SDP-encrypted when the Knox Workspace is locked and when the device is powered off.
Container-Only Mode Provides a mechanism to always boot to the container as well as configure a corresponding custom UX configuration. This UX may incorporate configurations that remove status bars, disable physical device buttons, and so on.
App Permission Monitor - Phase 3 APIs to block permissions in background.
History page in Settings to check leaked data.
App Permission Monitor Updates App Permission Monitor now includes the following new features:
-Updated data collection – ability to collect location information, foreground + background app info and statistics on data that may have leaked via background permissions.
-History page now available in Settings to check leaked data.
-UX improvements – new button shortcut to turn off APM monitoring per app.
-More B2B policies – new API to force stop background apps.
Knox Workspace Knox Workspace has been updated to meet the requirements of GDPR.
Work Profile Icon Name Change Work profiles created in Android have been renamed from "Workspace" to "Work”. This is reflected in the icon name on the device. Knox Workspace profiles are still named “Workspace"
“Work” For Work Profile Icon
Management
App Shortcuts on Personal Home Screen Apps can call new APIs for adding or removing shortcuts to the personal space of the user. These shortcuts facilitate the device user's access to apps in the Knox Workspace.
Information Rights Management (IRM) Information Rights Managements (IRM) enables IT admins to enforce tighter policies on Knox Workspace to prevent enterprise data loss or leakage.
Clipboard/Copy & Paste From Outside to Inside IT admins can allow end users to copy and paste from outside Knox Workspace into Workspace. Copying from the container to the personal space remains restricted.
Enhanced Knox Container Isolation Granularity Adds control of Android app permissions to prevent interactions with the Knox container apps to only the necessary system apps.
Google Play or Play for Work Inside Container Allows enterprises/IT admins to perform app management (silent install/uninstall, whitelist/blacklist) using Google Play for work inside Knox workspace.
Audit Logs Audit log allows IT admins to select events and push an audit log to their server. This is also compliant with Mobile Device Fundamentals Protection Profile (MDFPP) 2.0 requirements.
Container Configurations Admins can configure various settings, including browser, email, password, Wi-Fi, VPN, firewall, and etc., within the container from an EMM console.
SD Card Access Provides an API for EMMs to enable apps (on a per-app basis) installed inside the Knox Workspace to access the SD card.
Container Lock/ Wipe Admins can lock or wipe the container in case the phone is lost or stolen.
DeX Management and Configuration IT Admins can use the following new features in Samsung DeX:
-Align DeX launcher: configure DeX launcher align type by name(A-Z), type, & custom.
-Add browser shortcut to home screen: add a Samsung or Chrome browser shortcut with a specific URL.
-Seamless app use: whitelist apps to auto-launch when docked in the DeX Station.
Disable Wi-Fi, Bluetooth, Bluetooth Low Energy Background Scanning Disable Wi-Fi, Bluetooth, Bluetooth Low Energy background scanning
Enhanced Knox Workspace Container Isolation Granularity Adds control of Android app permissions to prevent interactions with the Knox Workspace container apps to only the necessary system apps.
NPA (Network Platform Analytics) Updates NPA has been updated with the following new features:
-DNS requests are now attributed to the requesting app.
-New configuration options allow you to select when to sample data: beginning of flow, end of flow, or both.
-NPA now indicates if data is associated with the start or end of the flow.
NPA (Network Platform Analytics) – Long-Lived Flows Periodic data reporting (pre 3.2: reporting only at the end of connection)
RCS Message Logging IT Admins can now log Rich Communications Services (RCS) messages.
Wi-Fi, BT, BLE Scanning Disable APIs to disable Wi-Fi/BT scanning (separate from disabling function itself)
Productivity
Accessibility Apps Access to Knox Workspace IT admins can now whitelist the accessibility apps that can access the Knox Workspace container. Previously, to reduce vulnerabilities, the Knox Workspace container blocked access from all third-party accessibility apps except Google TalkBack.
Enterprise Billing on Dual SIM Devices Previously, the SIM1 card was used for enterprise billing by default. With this enhancement, you can select the SIM2 card for enterprise billing.
PBA (Phonebook Access) Profile Support Allows for sharing contact information which is stored in the Knox Workspace. For example, a device user can call a number from their contact list inside the container by sharing the number through a Bluetooth connection with their automobile's hands-free phone system.
Multi-Window Support End users can now use apps in the Knox container alongside apps outside the container (i.e. view a video outside the container while taking notes on an app inside the container).
Speech-to-Text Enables Google Voice for apps inside Knox Workspace.
S-Pen Air Command Support On Note devices, S-Pen Air Command is now supported inside Knox Workspace for writing memos, adding app shortcuts, screen capture, and writing notes on a screen capture (depending on IT policy).
USB Access Inside Container This feature adds a setting (via an API) allowing the EMM to globally allow or disallow container apps from connecting to USB for certain use cases (external printers, storage devices, and so on).
IPv6 Support for Enterprise Billing Enables enterprise billing for dual-APN split billing for carriers using IPv6 networks.
Enterprise Billing Allows a separate bill for personal and enterprise data usage. This feature allows employees to use two different APNs for routing personal and enterprise data connections.
ProKiosk Mode ProKiosk can now be enabled without rebooting the device.
DeX
Add Browser Shortcut to Home Screen APIs to add a Samsung or Chrome browser shortcut with a specific URL.
Align DeX Launcher APIs to configure DeX launcher align type by name(A-Z), type, & custom.
Seamless App Use APIs to whitelist the apps to auto-launch when docked in DeX Station.
SDK
Knox UCM SDK is Included in Knox SDK Knox UCM SDK is merged into the consolidated Knox SDK
See All Specifications
Hide All Specifications
  • Cloud or On-Premise
  • 2 Years
  • Devices with Knox v2.4 +
  • Yes
General
Type
License Type
Server Options
Launcher or Folder View Enables IT admins to choose the UI style of a container (folder and launcher style) at the time of container creation.
Container Unlock with AD Credentials Enables creation and unlock of Knox Workspace using an enterprise’s Microsoft Active Directory (AD) credentials.
Supported Devices
EMM Support
Security
Enable Iris Authentication to Access Knox Iris recognition is a key security enhancement of S8. We leverage this device feature for the Knox Workspace container as well. Iris recognition is more accurate and secure than fingerprint, so it will enhance the security level of Knox.
Permanent Container Lock If Warranty Bit of a device is fused, the container gets permanently locked to prevent any data leak.
Chamber Folder Creates a folder inside the Knox Workspace used to store user content at the strongest levels of data protection. Data files in the Chamber are SDP-encrypted when the Knox Workspace is locked and when the device is powered off.
Container-Only Mode Provides a mechanism to always boot to the container as well as configure a corresponding custom UX configuration. This UX may incorporate configurations that remove status bars, disable physical device buttons, and so on.
App Permission Monitor - Phase 3 APIs to block permissions in background.
History page in Settings to check leaked data.
App Permission Monitor Updates App Permission Monitor now includes the following new features:
-Updated data collection – ability to collect location information, foreground + background app info and statistics on data that may have leaked via background permissions.
-History page now available in Settings to check leaked data.
-UX improvements – new button shortcut to turn off APM monitoring per app.
-More B2B policies – new API to force stop background apps.
Knox Workspace Knox Workspace has been updated to meet the requirements of GDPR.
Work Profile Icon Name Change Work profiles created in Android have been renamed from "Workspace" to "Work”. This is reflected in the icon name on the device. Knox Workspace profiles are still named “Workspace"
“Work” For Work Profile Icon
Management
App Shortcuts on Personal Home Screen Apps can call new APIs for adding or removing shortcuts to the personal space of the user. These shortcuts facilitate the device user's access to apps in the Knox Workspace.
Information Rights Management (IRM) Information Rights Managements (IRM) enables IT admins to enforce tighter policies on Knox Workspace to prevent enterprise data loss or leakage.
Clipboard/Copy & Paste From Outside to Inside IT admins can allow end users to copy and paste from outside Knox Workspace into Workspace. Copying from the container to the personal space remains restricted.
Enhanced Knox Container Isolation Granularity Adds control of Android app permissions to prevent interactions with the Knox container apps to only the necessary system apps.
Google Play or Play for Work Inside Container Allows enterprises/IT admins to perform app management (silent install/uninstall, whitelist/blacklist) using Google Play for work inside Knox workspace.
Audit Logs Audit log allows IT admins to select events and push an audit log to their server. This is also compliant with Mobile Device Fundamentals Protection Profile (MDFPP) 2.0 requirements.
Container Configurations Admins can configure various settings, including browser, email, password, Wi-Fi, VPN, firewall, and etc., within the container from an EMM console.
SD Card Access Provides an API for EMMs to enable apps (on a per-app basis) installed inside the Knox Workspace to access the SD card.
Container Lock/ Wipe Admins can lock or wipe the container in case the phone is lost or stolen.
DeX Management and Configuration IT Admins can use the following new features in Samsung DeX:
-Align DeX launcher: configure DeX launcher align type by name(A-Z), type, & custom.
-Add browser shortcut to home screen: add a Samsung or Chrome browser shortcut with a specific URL.
-Seamless app use: whitelist apps to auto-launch when docked in the DeX Station.
Disable Wi-Fi, Bluetooth, Bluetooth Low Energy Background Scanning Disable Wi-Fi, Bluetooth, Bluetooth Low Energy background scanning
Enhanced Knox Workspace Container Isolation Granularity Adds control of Android app permissions to prevent interactions with the Knox Workspace container apps to only the necessary system apps.
NPA (Network Platform Analytics) Updates NPA has been updated with the following new features:
-DNS requests are now attributed to the requesting app.
-New configuration options allow you to select when to sample data: beginning of flow, end of flow, or both.
-NPA now indicates if data is associated with the start or end of the flow.
NPA (Network Platform Analytics) – Long-Lived Flows Periodic data reporting (pre 3.2: reporting only at the end of connection)
RCS Message Logging IT Admins can now log Rich Communications Services (RCS) messages.
Wi-Fi, BT, BLE Scanning Disable APIs to disable Wi-Fi/BT scanning (separate from disabling function itself)
Productivity
Accessibility Apps Access to Knox Workspace IT admins can now whitelist the accessibility apps that can access the Knox Workspace container. Previously, to reduce vulnerabilities, the Knox Workspace container blocked access from all third-party accessibility apps except Google TalkBack.
Enterprise Billing on Dual SIM Devices Previously, the SIM1 card was used for enterprise billing by default. With this enhancement, you can select the SIM2 card for enterprise billing.
PBA (Phonebook Access) Profile Support Allows for sharing contact information which is stored in the Knox Workspace. For example, a device user can call a number from their contact list inside the container by sharing the number through a Bluetooth connection with their automobile's hands-free phone system.
Multi-Window Support End users can now use apps in the Knox container alongside apps outside the container (i.e. view a video outside the container while taking notes on an app inside the container).
Speech-to-Text Enables Google Voice for apps inside Knox Workspace.
S-Pen Air Command Support On Note devices, S-Pen Air Command is now supported inside Knox Workspace for writing memos, adding app shortcuts, screen capture, and writing notes on a screen capture (depending on IT policy).
USB Access Inside Container This feature adds a setting (via an API) allowing the EMM to globally allow or disallow container apps from connecting to USB for certain use cases (external printers, storage devices, and so on).
IPv6 Support for Enterprise Billing Enables enterprise billing for dual-APN split billing for carriers using IPv6 networks.
Enterprise Billing Allows a separate bill for personal and enterprise data usage. This feature allows employees to use two different APNs for routing personal and enterprise data connections.
ProKiosk Mode ProKiosk can now be enabled without rebooting the device.
DeX
Add Browser Shortcut to Home Screen APIs to add a Samsung or Chrome browser shortcut with a specific URL.
Align DeX Launcher APIs to configure DeX launcher align type by name(A-Z), type, & custom.
Seamless App Use APIs to whitelist the apps to auto-launch when docked in DeX Station.
SDK
Knox UCM SDK is Included in Knox SDK Knox UCM SDK is merged into the consolidated Knox SDK
See All Specifications
Hide All Specifications

Purchase Knox Platform for Enterprise from a reseller

1 Year License

1 Year License

2 Year License

2 Year License

Get started with a free trial of Knox Platform for Enterprise

Please provide your contact details to get started with a free trial of Knox Platform for Enterprise or discuss a project with our sales team. Or you can call (855) 581-6892 to talk to an expert now.

Please provide your contact details to get started with a free trial or discuss a project with our sales team. Or you can call (855) 581-6892 to talk to an expert now.

Product Interest (select one or more):

More mobility software solutions

Mobile security solutions and ongoing support

Knox security

Samsung Knox is a defense-grade security platform built from the chip up for superior protection that’s easier to manage.

Knox security
Samsung Knox is a defense-grade security platform built from the chip up for superior protection that’s easier to manage.

Business services

We support your mobile ecosystem with customization, migration, technical support, EMM support, application development and device protection.

Business services
We support your mobile ecosystem with customization, migration, technical support, EMM support, application development and device protection.