A Breakdown of VMware AirWatch Support for Android Enterprise with Samsung Knox Mobile Enrollment

Dec 8, 2017
Eric Stillman


Eric Stillman is a Product Manager for Android and Chrome OS at VMware End-User Computing.

Share This Post On

Increasing numbers of corporate-owned devices and reliance on business apps for enhanced productivity has created a few challenges in the workplace. Organizations want to take advantage of the latest technology and keep their users happy without creating manual labor for IT or friction with their end users.

So, Samsung developed Knox Mobile Enrollment to streamline this process for both admins and end users. Support for Knox Mobile Enrollment within VMware Workspace ONE, powered by AirWatch technology, isn’t new, but enrollment support for an Android enterprise work managed device is.

Here’s the breakdown of this joint solution.

What Is Knox Mobile Enrollment?

Samsung Knox Mobile Enrollment (KME) is the out-of-box enrollment solution exclusive to Samsung devices, which allows administrators to configure devices to enroll as soon as they are powered on and connected to the internet. KME is a no-cost solution that makes it simple to deploy large numbers of devices with minimal manual work from the administrator and almost no user interaction. Devices are pre-registered to the admin’s Samsung account and assigned enrollment credentials.

Once the device connects to the internet, it automatically:

  • Downloads and installs the VMware AirWatch Agent;
  • Securely retrieves the enrollment credentials; and
  • Enrolls into AirWatch unified endpoint management (UEM).

From there, it receives all assigned apps, policies, email and other content. If the device is factory reset, once it’s booted up again and connected to the internet, the same enrollment flow will kick off.

What Is an Android Enterprise Work-Managed Device?

Android enterprise is the standard in Android device management, first introduced with Android 5.0 (Lollipop). By removing the fragmentation of manageability on Android devices, Android enterprise standardizes the core components across all devices, regardless of manufacturer.

Android enterprise can be deployed as a work profile for bring-your-own-device (BYOD) use cases or work-managed for corporate-liable. Out-of-box enrollment methods initiate the corporate-liable, work-managed device mode.

With the ability to take full ownership of the device in work-managed mode, Android enterprise brings a number of policies and configuration tools to the administrator in to better:

  • Secure the device;
  • Prevent data loss and theft; and
  • Maximize end-user productivity.

On a work-managed device, there are no personal apps or data, which prevents unauthorized apps from gaining access to privileged information.

Tying Knox Mobile Enrollment & Android Enterprise Work-Managed Devices Together

VMware and Samsung now offer the ability to enroll devices running Knox v2.8 or higher into Android enterprise work-managed mode using KME. From out of the box, the device instantly starts enrollment when connected to the internet.

During this process, the AirWatch Agent is automatically installed and serves as the device policy controller (DPC). The DPC has a much greater level of control over the work-managed device, with the ability to:

  • Configure policies,
  • Lock down the device,
  • Prevent access to certain apps and settings and
  • Prevent malicious behavior.

The combination of these technologies, which is configured in and deployed by AirWatch technology, ensures that corporate-owned phones are properly configured and secure without difficult, manual setup processes.

To learn more about VMware and Samsung’s joint capabilities, please visit our website to dive in.

468 ad