Microsoft Intune Policies For Samsung Knox Enabled Devices


While delivering last week’s CANITPRO Business Mobility Camp in Calgary, a question was raised about which specific policies can be enforced on a Samsung KNOX enabled device via Microsoft Intune. For those unaware, Samsung’s KNOX offering adds software and hardware hardened security above and beyond the traditional Android stack.

Microsoft recently extended its support for securing and managing KNOX enabled devices. The following list is the complete policy set offered as of this writing.

  • Email Profiles – IT Professionals can now create, deploy and monitor Exchange ActiveSync email settings on KNOX enabled devices. This allows end users to access corporate email without further setup.
  • Password Enablement – The ability to assign type, minimum length, complexity, number of repeated sign-in failures before wiping, minutes of inactivity before the screen turns off, password expiration, and password history to prevent reuse
  • Encryption – Can be enabled on both onboard storage and inserted storage cards
  • Allow / Disallow screen capture
  • Allow / Disallow external submission of diagnostic data for troubleshooting
  • Allow / Disallow factory reset
  • Allow / Disallow Google backup – Policy can block a device from backing up its contents via Google backup
  • Allow / Disallow Google Account Auto Sync – Policy can block synchronization of unauthorized Google accounts
  • Browser Policies – The ability to disable the browser, disable autofill, enable pop-up blocker, disable cookies and disallow active scripting
  • Allow / Disallow Application Store access – Includes both Google Play and Samsung App Store
  • Hardware Policies – The ability to disable camera, removable storage use, Wi-Fi, Wi-Fi tethering, geolocation placement, NFC, Bluetooth and the ability to disable powering down the device
  • Cellular Policies – The ability to disable voice roaming, data roaming and SMS/MMS messaging
  • Feature Policies – Enable or disable voice assistant, voice dialling, YouTube utilization, copy and paste functionality as well as sharing clipboard data between applications

More information will be made available in an upcoming Microsoft Virtual Academy module. Special thank you to the team at Samsung Canada for providing hardware for testing.