Kaspersky Secure Mobility Management

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installation of the Kaspersky Endpoint Security for Android app via KNOX Mobile Enrollment

KNOX Mobile Enrollment (KME) is part of the Samsung KNOX mobile solution. It is used for batch installation and initial configuration of apps on new Samsung devices purchased from official vendors.

Installation of the Kaspersky Endpoint Security for Android app via KNOX Mobile Enrollment consists of the following steps:

  1. Creating a KNOX MDM profile with the Kaspersky Endpoint Security for Android app
  2. Adding devices in KNOX Mobile Enrollment
  3. Installing the Kaspersky Endpoint Security for Android app on the user's mobile devices

For more details about working with KNOX Mobile Enrollment, please refer to the KNOX Mobile Enrollment User Guide.

Deployment via KNOX Mobile Enrollment is possible only for Samsung devices. For the list of supported devices, visit the Samsung technical support website.

In this section

Creating a KNOX MDM profile

Adding devices in KNOX Mobile Enrollment

Installing the app

Page top
[Topic 157023]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Creating a KNOX MDM profile

A KNOX MDM profile is a profile that contains links to apps for their quick deployment and initial configuration on mobile devices.

To create a KNOX MDM profile:

  1. Sign in to the Samsung KNOX consoleKNOX Mobile Enrollment.
  2. Select the MDM profiles section.
  3. Click Add.

    The New KNOX MDM Profile Wizard starts.

  4. At the MDM server connection step, select Server URI is not required for my MDM service and click Next.
  5. At the MDM profile info step:
    1. Enter general information about the KNOX MDM profile: Profile name and Description.
    2. Click the Add MDM apps button and enter the path to the APK installation file.

      The installation file for Kaspersky Endpoint Security for Android is included in the Kaspersky Secure Mobility Management distribution kit. Beforehand, place the APK installation file on the Kaspersky Security Center Web Server or on another server that is accessible for downloading from the device.

    3. Enter the settings for connecting the device to Kaspersky Security Center in the JSON user data field in the following format: {"serverAddress":"ksc.server.com","serverPort":"12345","groupName":"MOBILE GROUP"}.

      The device must be connected to Kaspersky Security Center to activate the app, configure the device, and send commands.

    4. Select the Add Knox agreements check box.

      To install Kaspersky Endpoint Security for Android via KNOX Mobile Enrollment, the mobile device user must accept the terms of the Samsung License Agreement. You can view the terms of the Samsung License Agreement in the section named End User License Agreements, Terms of Service, and User Agreements. You can also add other legal documents of your company that are necessary for deploying a KNOX MDM profile by clicking the Add user agreement button.

    5. Clear the Bind Knox license to this profile check box.

      Samsung KNOX license information is delivered to the mobile device together with the policy when the device is synchronized with Kaspersky Security Center.

  6. Click the Save button.

As a result, the new KNOX MDM profile with the Kaspersky Endpoint Security for Android app will be added to the list in the KME console.

Page top
[Topic 160806]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Adding devices in KNOX Mobile Enrollment

Devices can be added in the KNOX Mobile Enrollment (KME) console in the following ways:

  • The vendor automatically adds devices in the KME console after the devices are purchased.

    Select this method if your organization is working with an official vendor of Samsung devices.

  • The administrator installs the KNOX Deployment app from Google Play on their mobile device and migrates the KNOX MDM profile to users' devices using Bluetooth, NFC (Near Field Communication), or a QR code. After deployment of the KNOX MDM profile, the device will be automatically added in the KME console.

    Select this method if the Samsung devices were not purchased from an official vendor.

Adding a device through the vendor

An official vendor of Samsung devices is registered in Samsung KNOX. For the list of official vendors, visit the Samsung technical support website. The vendor automatically adds devices in the KME console for your Samsung account immediately after the devices are purchased. To have the devices added by the vendor, you must register the vendor in the KME console for your Samsung account. You will need a reseller ID to add the vendor of Samsung devices in the KME console. To receive the reseller ID, you must send a request to the vendor. In the request, specify your KNOX client ID.

To view your KNOX client ID:

  1. Sign in to the Samsung KNOX consoleKNOX Mobile Enrollment.
  2. Select the Resellers section.
  3. Your ID is displayed in the KNOX client ID field.

After you receive a response from the vendor with the reseller ID, register the vendor in the KME console. Prior to registering the vendor, you can create a KNOX MDM profile so that the profile can be automatically deployed when adding new devices.

To register an official vendor in the KME console:

  1. Sign in to the Samsung KNOX consoleKNOX Mobile Enrollment.
  2. Select the Resellers section.
  3. Click the Register reseller button.

    This opens a window for registering the device vendor.

  4. In the Reseller ID field, enter the ID received from the official vendor of Samsung devices.
  5. If you created a KNOX MDM profile, select the KNOX MDM profile in the vendor registration window.

    When you add new devices, the KNOX MDM profile is automatically installed.

  6. In the Preferred download confirmation method list, select a method for confirming the addition of a device for a vendor.
    • All downloads must be confirmed. When a device is added by the vendor, you will need to confirm the operation.
    • Automatically confirm all downloads of this reseller. Devices of the vendor will be automatically added in the KME console.
  7. Click OK.

The vendor of Samsung devices will be added to the list of vendors in the KME console.

After new devices are purchased from the official vendor, the Kaspersky Endpoint Security for Android app will be automatically installed to the devices after the devices are connected to the internet. For more details about working with KNOX Mobile Enrollment, please refer to the KNOX Mobile Enrollment User Guide. If you already have a list of devices in the KME console, add the KNOX MDM profile with the KNOX MDM app to the device.

To deliver a KNOX MDM profile to devices:

  1. Sign in to the Samsung KNOX consoleKNOX Mobile Enrollment.
  2. Select DevicesAll devices.
  3. Select the devices on which you want to install the KNOX MDM profile.
  4. Click the Configure button.

    The Device info window opens.

  5. In the MDM profile list, select the KNOX MDM profile with the Kaspersky Endpoint Security for Android app.
  6. In the Tags field, enter tags for grouping and labeling devices, and for search optimization in the KME console.
  7. Enter the user account credentials of the device into the User ID and Password fields.

    Account credentials are required for receiving a mobile certificate. The user ID and password must match the user account credentials in Kaspersky Security Center (Full name and Password in user account properties).

  8. Select the KNOX MDM profile for the remaining devices.
  9. Click the Save button.

After the device is connected to the internet, the user will be prompted to install the KNOX MDM profile.

Adding a device through the KNOX Deployment app

If you did not purchase your Samsung device from an official vendor, you can add the device to KNOX Mobile Enrollment using Bluetooth, NFC, or a QR code. This will require the administrator's mobile device that will be used to deliver KNOX MDM profiles to users' mobile devices.

To add devices using the KNOX Deployment app, the following conditions must be met:

  • Depending on the selected delivery mode, Bluetooth or NFC modules must be enabled on the mobile devices.
  • The mobile devices must be connected to the internet.

To deliver a KNOX MDM profile using the KNOX Deployment app:

  1. Install the KNOX Deployment app from Google Play on the administrator's mobile device.
  2. Start the KNOX Deployment app.
  3. Enter your Samsung account credentials.
  4. In the KNOX Deployment window, configure the settings for deploying a KNOX MDM profile:
    • Select the KNOX MDM profile.
    • Select the deployment mode: Bluetooth or NFC.

      When using Bluetooth, you can add a KNOX MDM profile to several devices at the same time.

  5. Click Start deployment:
    • Bluetooth. On the user's mobile device, open the website https://configure.samsungknox.com.

      This starts the Samsung KNOX Device Registration Wizard. Follow the instructions on the screen.

      After the KNOX MDM profile is installed, the new device with the Bluetooth tag will be added in the KME console.

    • NFC. Bring the administrator's mobile device close to the user's mobile device and transfer the KNOX MDM profile.

      On the user's mobile device, there will be a prompt to install the KNOX MDM profile. The new device with the NFC tag will be added in the KME console.

Page top
[Topic 158031]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installing the app

Prior to installing the Kaspersky Endpoint Security for Android app, issue a mobile certificate for mobile device users in the Kaspersky Security Center Administration Console. A mobile certificate is required for identifying the mobile device user in the Kaspersky Security Center Administration Console.

After deployment of the KNOX MDM profile is started, the APK installation file will be automatically downloaded on the mobile device. Installation of the Kaspersky Endpoint Security for Android app is started automatically. The user must accept the Samsung KNOX License Agreement and the Kaspersky Endpoint Security for Android License Agreement. No additional configuration of the app is required. After the app is installed, synchronization with Kaspersky Security Center will be performed automatically. The mobile device will be added to the Kaspersky Security Center Administration Console to the administration group specified in the KNOX MDM profile settings (groupName).

Page top
[Topic 158115]