Samsung KME and Android Zero Touch
Introduction
Samsung Knox is a security platform for Samsung devices that allows organizations to securely manage their mobile devices. Android Zero Touch is a feature that allows you to automatically configure and provision your devices without the need for manual interaction with the device. Together, Samsung Knox and Android Zero Touch provide a comprehensive solution for secure and efficient enterprise mobile device management.
Automatic enrollment with Android Enterprise
For Android Enterprise, two different types are available for automatic enrollment:
- Samsung Knox Mobile Enrollment (KME) for Samsung devices
- Android Zero Touch for all other manufacturers with Android operating system
Samsung Knox Mobile Enrollment (KME)
With Samsung Knox Mobile Enrollment, Samsung devices can be quickly and easily prepared for management in a Mobile Device Management (MDM) system. The enrollment of company-, administration- or school-owned devices can be done faster without the need to manually enroll each device individually. This results in enormous time savings, especially when dealing with a large number of devices. The setup of the devices is started automatically as soon as they are put into operation and an Internet connection is established. Even if devices registered in the KME program are reset, they automatically re-enroll in the MDM system used. The KME program thus offers similar functions to Apple’s Device Enrollment Program (DEP).
Requirements
Samsung devices can be enrolled in the KME program by authorized dealers using the serial number. If the devices were not obtained from an authorized dealer, Samsung offers the possibility to add devices to the KME program manually afterwards. To do this, either a special QR code must be scanned during the device setup or the Knox Mobile Deployment app has to be used on an additional Samsung device to set up a new device.
The KME program is offered free of charge by Samsung after registration. We recommend the QR code method because it is easy to use.
Combination of Samsung KME and Android Enterprise
Samsung Knox Mobile Enrollment can be combined with the Android Enterprise enrollment types “Managed Device” and “Managed Device with Personal Profile” (Company Owned, Personally Enabled - COPE).
KME enrollment
Prepare enrollment in Relution
- Go to Devices > Enrollments and then click Add
- Select Android Enterprise as the platform and either Set up managed device or Set up managed device with personal profile as the type, depending on your use case
- Enable the Multiple enrollment option and select a validity date that will not expire soon
- Save the enrollment
- In the created enrollment, a KME Custom JSON is provided under Enrollment Information and the Use DPC Identifier tab. Copy this code to the clipboard
Create KME profile
- Log in to the Samsung Knox Portal
- Click on Profiles in the left side menu. Here you will find all the KME profiles that have already been created. The table also shows the number of linked devices
- Click on CREATE PROFILE in the upper right corner
- Select Android Enterprise
- Name the profile and select Other in the Pick your MDM field
- In the MDM Agent APK field, add this address: https://play.google.com/managed/downloadManagingApp?identifier=setup
- Click on Continue
- In the upper left corner of the Custom JSON Data field, paste the JSON from your clipboard that you copied in the previous step
- Click on Create
Optional
- You can optionally create a QR code. This can be used to enroll devices or to add devices to KME
- To do this, click on ADD A QR CODE
- To add new devices to KME, the checkbox Also allow QR Code enrollment for devices not uploaded by a reseller must be enabled. Otherwise the code will only work with devices already stored in KME
- Additionally, you can store a Wi-Fi configuration. This can make the enrollment of a large number of devices much easier, as the Wi-Fi connection no longer needs to be set up manually
- Finish your entries by clicking on ADD
If you want to use the QR code, you need to draw a plus sign (+) with your finger on the welcome screen of the Samsung device. The QR code scanner will then open and you can scan the QR code you just created.
Linking devices and profiles
- If no QR code is used, devices that have already been registered have to be linked to the KME profile that has been created
- To do this, switch to Devices in the side menu and select the desired devices
- Then select the menu Actions > Configure Devices in the upper right corner
- Then start up the devices as usual
Android Zero Touch
The functionality of Android Zero Touch is similar to that of Samsung Knox Mobile Enrollment (KME). A profile must be created in the Zero Touch Portal, which is then linked to the desired devices from the device list.
Devices for Android Zero-Touch Enrollment (ZTE) cannot be manually added by the end customer. Adding devices to the Zero-Touch portal must always be done by an authorized reseller or OEM.
Preparation for enrollment in Relution
- Go to Devices > Enrollments and then click Add
- Select Android Enterprise as the platform and either Set up managed device or Set up managed device with personal profile as the type, depending on your use case
- Enable the Multiple enrollment option and select a validity date that will not expire soon
- Save the enrollment
- In the enrollment created, an Android Enterprise Zero Touch custom JSON is provided under Enrollment Information and the Use DPC Identifier tab. Copy this code to the clipboard
Create Zero Touch Profile
- Log in to the Zero Touch Portal
- Go to Configurations in the left menu
- Click on the plus (+) icon in the gray bar
- Name your configuration
- Under EMM DPC select the option Android Device Policy. It is possible that there are several entries with this name. Use any one you like
- Under DPC extras paste the JSON copied from your clipboard in the previous step
- Fill in the remaining fields and click on ADD
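A malformed paste into Custom JSON Data (KME) or DPC extras (Zero Touch) only shows up when a device fails to enroll, so the copied JSON can be linted first. This Python check is an added example, not Relution's or Google's code. The key names are Android provisioning extras; that the JSON from Relution uses them, nested for Zero Touch and at top level for KME, is an assumption, and the sample tokens are constructed.

```python
import json
from urllib.parse import urlsplit

# Android provisioning-extra names; that Relution's JSON uses them is an assumption.
BUNDLE = "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE"
DOWNLOAD = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"
TOKEN = "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN"
# MDM agent address given on this page.
AGENT_URL = "https://play.google.com/managed/downloadManagingApp?identifier=setup"


def lint_enrollment_json(text):
    """Return a list of problems found in a copied KME / Zero Touch JSON string."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno}): {exc.msg}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]
    problems = []
    # Zero Touch DPC extras nest the token in the admin extras bundle;
    # a KME custom JSON is assumed to carry it at the top level.
    bundle = data.get(BUNDLE, data)
    if not isinstance(bundle, dict):
        return [f"{BUNDLE} must be a JSON object"]
    token = bundle.get(TOKEN)
    if not isinstance(token, str) or not token.strip():
        problems.append("enrollment token missing or empty")
    elif token != token.strip() or "{" in token:
        problems.append("enrollment token has whitespace or an unfilled placeholder")
    url = data.get(DOWNLOAD)
    if url is not None:
        parts = urlsplit(url) if isinstance(url, str) else None
        if parts is None or parts.scheme != "https" or parts.hostname != "play.google.com":
            problems.append("agent download location is not https://play.google.com")
    return problems


# Constructed samples; the token value is a placeholder, not a real credential.
ZT_SAMPLE = json.dumps({DOWNLOAD: AGENT_URL, BUNDLE: {TOKEN: "EXAMPLETOKEN123"}})
KME_SAMPLE = json.dumps({TOKEN: "EXAMPLETOKEN123"})

if __name__ == "__main__":
    for name, sample in (("zero-touch", ZT_SAMPLE), ("kme", KME_SAMPLE)):
        print(name, lint_enrollment_json(sample) or "ok")
```

Under the same assumption, the copied JSON contains the enrollment token, so it should be handled like a credential and kept out of tickets and chat logs.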
Linking devices and profiles
- Switch to the Devices section via the side menu
- Select the appropriate configuration for each device
- Then put the devices into operation as usual
There is no need to scan a QR code. The Android devices will always automatically report to Zero Touch, which will route the request to Android Enterprise and thus to Relution.