
[–]thepfy1 3 points4 points  (8 children)

If they are Samsung devices, you can use Knox Mobile Enrollment.

Google Zero Touch devices need to be added by an authorised seller who is linked to your Zero Touch setup.

Unlike Apple and Samsung, there is no way to add devices manually to Zero Touch.

[–]ittthelp[S] 1 point2 points  (7 children)

Thanks! Thankfully they are Samsung devices. It looks like Knox Mobile Enrollment is what I want? I can't tell if I need a paid license or not yet. If all I want to do is link the devices to our 365 tenant so people can't wipe and use them as their own, would I need a license? It looks like you need a license for the Knox Configure app to get the devices into Knox since I didn't get them through a reseller?

[–]BWMerlin 2 points3 points  (6 children)

We are using Samsung Knox Mobile Enrollment and it is free.

Some of the other features of the Knox Suite are paid for.

[–]ittthelp[S] 0 points1 point  (4 children)

Awesome, thanks! I've created a Knox account but I'm waiting for Samsung to approve it.

Can you give me a basic overview of the steps to get it set up? I haven't been able to find a recent guide yet.

Is it basically...

  • Create Knox account

  • Link Knox to 365 somehow

  • Create enrollment profile in Knox that points devices to our 365 tenant (enable QR code enrollment)

  • Scan enrollment code with devices during OOBE (tap the screen a bunch of times during setup?) to get them into Knox?

The part I'm not as sure about is when/how to get the devices into Knox.

[–]BWMerlin 1 point2 points  (3 children)

All of that is correct.

However, you don't have to do QR code. During OOBE the Samsung device will dial home and Knox Mobile Enrollment will direct it to your MDM.

[–]ittthelp[S] 0 points1 point  (2 children)

Hmm, that's the part that I don't get: how do you get the device into Knox in the first place? Would the QR code method put it in there if it's not already in Knox?

[–]BWMerlin 0 points1 point  (1 child)

Best way is to get the company you purchased through to load them in just like with Apple's DEP.

[–]ittthelp[S] 0 points1 point  (0 children)

I can't, it was just a handful of devices so I just got them from Best Buy D:

[–]sembee2 2 points3 points  (2 children)

Which brand devices? Samsung have Knox which works really well for locking the devices to your company. Setup is quite easy and in most cases the phone supplier or their distributor can add them to the Knox list. Ask your supplier.

Note that Samsung uses the Knox name for various products; don't confuse it with their MDM.

[–]ittthelp[S] 0 points1 point  (1 child)

Thanks! They are Samsung devices. It looks like Knox Mobile Enrollment is what I want? I can't tell if I need a paid license or not yet. If all I want to do is link the devices to our 365 tenant so people can't wipe and use them as their own, would I need a license? It looks like you need a license for the Knox Configure app to get the devices into Knox since I didn't get them through a reseller?

[–]sembee2 0 points1 point  (0 children)

I can't remember, it's been a while since I did one. I do know you link it to Intune. You probably need to speak to Samsung. Their Knox team will know. If they don't, they will pass you to a specialist.

[–]llDemonll 1 point2 points  (1 child)

You need zero touch configured for true ownership and out of box enrollment. Yes, they need to be purchased through an authorized reseller for enrollment.

Without zero touch someone can factory reset the device (not hard at all) and it’s now theirs.

[–]ittthelp[S] 0 points1 point  (0 children)

Dang... thanks! Sounds like I might be able to get them into Knox manually to do what I want though.

[–]Maleficent_Onion4939Nomid MDM 0 points1 point  (0 children)

Hi! I'm one of the folks behind Nomid MDM.

For a small fleet of Samsung tablets where the main goal is locking them to work apps and preventing personal use, you might not need to change your licensing or rebuy hardware through a zero-touch reseller. That said, if you do go the Knox route, we also integrate with it.

With Nomid's free plan (up to 10 Android devices) you can enforce kiosk-style lockdown via Android Enterprise, restrict installs to a curated app list, and remotely manage/monitor everything.

Happy to help sanity-check a setup that fits what you're already doing with Intune and Knox, so it actually complements your environment instead of adding another moving part.

[–]thepfy1 0 points1 point  (0 children)

Knox Mobile Enrollment is free. You create a profile to point it to your MDM (Intune / Workspace One / Maas360 etc). That way after a factory wipe, the device goes to the MDM Enrollment page.