This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 22%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
I am experiencing several issues with BYOD Android devices that are S5 and S6. The notice for accepting the KNOX privacy is displaying, but users attempt to accept and nothing happens. The devices remain not compliant, and as much as I can troubleshoot remotely, I believe that this is the cause. The work profile is created, but it is not usable (greyed out and tapping does not open).
This is very perplexing and very new to me. I find it most disturbing that no device information is shared, which also points to the privacy acceptance and being unable to accept by the user.
Do you have any related experience or resolutions for this type of issue? I did more reading and found that Secure Folder app was taking the place of KNOX for device encryption, but will it work for the establishment of the work profile? Will it require different settings in Intune to accommodate?
ETA: Device example
Phone - SM-G920R4
Android - 7.0
Knox - 2.7.2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Chrissy Nield , From your description, the KNOX device cannot accept the privacy notification. To understand it better, please collect the following information to us.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 40%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
This is a real issue.
Android 7 and below, as apparently they initiate WP with Device Admin API's
The result is no one can accept the Knox privacy policy and compliance is never met or even allowed to evaluate.
The only realistic workaround right now is using Device admin enrollment
See below
https://support.google.com/work/android/thread/96578926?hl=en
@Dan · Thanks for the information sharing. Android Device admin enrollment can be an option for us to manage these devices with lower version.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 67%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
@Dan , I did post a workaround a while ago but still struggling to find it....
Basically I downloaded a previous version of Company Portal (APK found on google) from March 2019. I installed that and registered my device as normal via that. It was successful, I then updated the company portal app via the play store and I see the message about the knox thing on every reboot of the phone however I am officially registered and can access all my work resources.
Through all of our testing and hard work, the solution was resolved in the Company Portal app release 5.5 for Android 7.0 devices being unable to accept the ELM/Privacy with Knox 2.4/2.7 installed. Don't forget that these devices will no longer be supported by Samsung, and most of us will need to make some decisions on how much longer we support these along with the iOS 7. :)
@mfranklin , Thanks for sharing here. And I am glad to hear that it is working now. Congratulations!
From the update I get from internal, I find the new company portal with fix deployed to Prod users publish in Google Play Store can fix our issue. @everyone, we can try to install the latest company portal to see if it is also working in our environment. Here are steps we can try:
Thanks for your time and have a nice day!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
We are experiencing the same issue with multiple Android 7 tablets (Samsung S2) in our company. Also opened a MS ticket, but the recommendation for now is to allow these devices for and exception to go back to Device Administrator instead of AE.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 67%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEC%3C/text%3E%3C/svg%3E)
Hi Tom,
please wait for the CP version 5.5067.0 to see if the issue fixed.
Any idea when that can be released ? I already received a final statement from MS, saying that the release date is not known yet.
So I will repost my workaround for my S6 (Android 7, Knox 2.7.1)
I managed to get this working now. I used a web site (googled for old versions of the Company Portal) that had an APK for version 5.0.4731.0.
This all now works, so I can confirm it's something broken in more recent versions of the Company Portal from MS!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 71%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
It's working now! thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 61%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Unfortunately, I'm still seeing the issue, and I'm on Android 9 with Company Portal 4.0.5067.0. (Samsung Galaxy S8+). During enrollment, I get the dreaded, "Accept KNOX privacy notice to finish setting up your device" notification from Company Portal that does nothing when you click it. In Company Portal, "Device Details", it says, "You need to update settings on this device". If you click on that, you see the "Update device settings" screen in the Company Portal, which says:
*You need to update settings on this device
Last checked: March 4, 9:55 AM
Your company needs you to adjust these settings to comply with organizational policies. Tap Confirm Device Settings to recheck these settings.
No compliance policies have been assigned
Your IT department has not configured Intune to evaluate your device for compliance. Please contact your helpdesk.*
To me, that means that the "MDM Android Compliance Policy" we have set up in Intune does not appear to be applicable to the device. However, the account I'm using to log into the Company Portal is in the user group assigned to the policy. The policy in Intune is:
Profile type: Personally-owned work profile
Platform supported: Android Enterprise
Assigned: Yes
Groups assigned: 1
Groups Excluded: 0
We are just starting our journey into Intune, and I am in the pilot group (selected to apply the policy to). My device is a personally-owned Android 9. Are the selections for the Intune policy (above) correct to get this policy to apply to my device?
@Lamaster, Robert ,, For the company portal, the latest version is 5.5067.0, we can try to upgrade to latest version and re-enroll to see if it is working.
Hope it can help.
This sounds like a different issue.
There are many reasons that your compliance policy is not assigned - including device limits set. Check the device policies in the console. Does it ever get applied? Is the device itself meeting compliance standards for enrollment?
Remove all devices from the user. Wait 24 hours before next enrollment. Remove the app from the user device and power down (this will clear the device of the settings.)
Is the device a jailbroken device or has it ever been? Do you have licenses? Is your test user a member of the group that is assigned to this policy? Start breaking it down step by step. I find it best to list each and every policy, condition, assignment and evaluate it in a flow chart when I have a troublesome setup/new setup. It is great for your own documentation of the process when it comes time to illustrate.