This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 22%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
I am experiencing several issues with BYOD Android devices that are S5 and S6. The notice for accepting the KNOX privacy is displaying, but users attempt to accept and nothing happens. The devices remain not compliant, and as much as I can troubleshoot remotely, I believe that this is the cause. The work profile is created, but it is not usable (greyed out and tapping does not open).
This is very perplexing and very new to me. I find it most disturbing that no device information is shared, which also points to the privacy acceptance and being unable to accept by the user.
Do you have any related experience or resolutions for this type of issue? I did more reading and found that Secure Folder app was taking the place of KNOX for device encryption, but will it work for the establishment of the work profile? Will it require different settings in Intune to accommodate?
ETA: Device example
Phone - SM-G920R4
Android - 7.0
Knox - 2.7.2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Chrissy Nield , From your description, the KNOX device cannot accept the privacy notification. To understand it better, please collect the following information to us.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 40%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
This is a real issue.
Android 7 and below, as apparently they initiate WP with Device Admin API's
The result is no one can accept the Knox privacy policy and compliance is never met or even allowed to evaluate.
The only realistic workaround right now is using Device admin enrollment
See below
https://support.google.com/work/android/thread/96578926?hl=en
@Dan · Thanks for the information sharing. Android Device admin enrollment can be an option for us to manage these devices with lower version.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 67%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
@Dan , I did post a workaround a while ago but still struggling to find it....
Basically I downloaded a previous version of Company Portal (APK found on google) from March 2019. I installed that and registered my device as normal via that. It was successful, I then updated the company portal app via the play store and I see the message about the knox thing on every reboot of the phone however I am officially registered and can access all my work resources.
Through all of our testing and hard work, the solution was resolved in the Company Portal app release 5.5 for Android 7.0 devices being unable to accept the ELM/Privacy with Knox 2.4/2.7 installed. Don't forget that these devices will no longer be supported by Samsung, and most of us will need to make some decisions on how much longer we support these along with the iOS 7. :)
@mfranklin , Thanks for sharing here. And I am glad to hear that it is working now. Congratulations!
From the update I get from internal, I find the new company portal with fix deployed to Prod users publish in Google Play Store can fix our issue. @everyone, we can try to install the latest company portal to see if it is also working in our environment. Here are steps we can try:
Thanks for your time and have a nice day!
Hi,
I have the same problem on my S6 - 920F (Android 7, Knox 2.7.1). The Company Portal App does not trigger the creation of the Work Profile for Samsung Knox, which is what I think the problem is. If that was triggered, then I'm sure it'd work fine.
Therefore, I think this is a bug in the Company Portal App?
So I have retried the process, and it does prompt the creation of the work profile and allows you to continue with it's creation just like your test @Crystal-MSFT , however the screenshot for the Work profile is different. I will see if I can take some screengrabs of the phone rather than snap it from the video (as it's hard to read).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 70%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi All - i worked with my company MDM team and they saw on another forum post that it looks like there has been movement from Microsoft (and possibly samsung) on this issue. i didnt need to install an older version of company portal fortunately. About 2 hrs ago, i removed my device (v7) from company portal, uninstalled company portal, rebooted my mobile, then re-installed company portal from google play. I registered my device and it worked fine and is showing as compliant in company portal. I was then able to access outlook, ms-teams, etc.
Hope this works for all of you as well!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 65%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Yup - just checked Google Play store and there was an update available.
Have gone from 5.0.5059.0 to 5.5067.0
If you open the Company Portal and have the register company device prompt, just tap that and follow on-screen messages.
I no longer get the constant Knox notification and it's now enrolled successfully.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
That would be the excellent message. Can you try to find any link to that ? I will try this with my users tomorrow during the day anyway and will post the result here.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 42%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
@Crystal-MSFT
I am not sure if this is appropriate or if I should open a new post. I have two devices in my organization, both Samsung devices running Android 7.0 with the same issue.
The ELM Agent Privacy Policy was never presented to the devices or users.
Company Portal states "You need to update settings on this device"
Android Notification Bar states" Accept KNOX privacy notice to finish setting up your device". Clicking on the notification does nothing
Phone - SM-N920A
Android - 7.0
Knox - 2.7.1
@Mervyn S Morris , For the "update device settings" screen, please check if there's any condition not met. For example, during my test, I set compliance policy to require passcode, on my test phone, As it is not set. the same screen as yours comes and after I set the passcode and click "Confirm the settings". The device setting is updated and the deice shows compliant. Please check this and see if it can be fixed. If the issue still persist, to avoid confusion on this thread, I suggest to open a new thread to check on your issue.
Thanks for the understanding.
As with MervynSMorris-6224 , the notification is the only area where the company portal prompt shows. It does not show the ELM in the enrollment process.
But, because the ELM is not showing and only a notification (which when clicked, as mentioned, does nothing) the Work Profile Compliances does not evaluate. The Work Profile is created on the phone. The profile is disabled because of the unaccepted KNOX privacy ELM. The BYOD device is just sitting and waiting for the ELM to show during enrollment, and it never does. Only the notifications show the alert, but clicking on the alert does nothing.