Kaspersky Secure Mobility Management

Installation of Kaspersky Endpoint Security for Android via Knox Mobile Enrollment

Knox Mobile Enrollment (KME) is part of the Samsung Knox mobile solution. It is used for batch installation and initial configuration of apps on new Samsung devices.

Installation of Kaspersky Endpoint Security for Android via Knox Mobile Enrollment consists of the following steps:

  1. Creating a Knox profile with the Kaspersky Endpoint Security for Android app
  2. Adding devices in Knox Mobile Enrollment
  3. Installing the Kaspersky Endpoint Security for Android app on the user's mobile devices

For more details about working with Knox Mobile Enrollment, please refer to the Knox Mobile Enrollment User Guide.

Deployment via Knox Mobile Enrollment is possible only for supported Samsung devices.


Creating a Knox profile

A Knox profile is a profile that contains links to apps for their quick deployment and initial configuration on mobile devices.

To create a Knox profile:

  1. Sign in to the Samsung Knox console > Knox Mobile Enrollment.
  2. Select the Profiles section.
  3. Click Actions > Create profile.

    The Create New Profile wizard starts.

  4. Select Android Enterprise as the profile type.
  5. In the Android enterprise profile details window that opens, specify the following settings:
    1. In the Basic information section, enter general information about the Knox profile: Profile name and Description.
    2. In the EMM information section, in the Pick your EMM field, select Other.
    3. In the EMM agent APK field, enter the path to the APK installation file.

      The installation file for Kaspersky Endpoint Security for Android is included in the Kaspersky Secure Mobility Management distribution kit. First, download the APK installation file. Then place the APK installation file on the Kaspersky Security Center Web Server or on another server that is accessible for downloading from the device.

  6. Click Continue.
  7. In the Android enterprise profile settings window that opens, specify the following settings:
    1. In the EMM configuration section, enter the settings for connecting the device to Kaspersky Security Center in the Custom JSON data (as defined by EMM) field in the following format:

      {"serverAddress":"myServer.domain.com","serverPort":"12345","vsrv":"virtualServerID","groupName":"MOBILE GROUP","eulas":"cmFuZG9tYmFzZTY0c3RyaW5n"}

      The following fields of the JSON file are now supported:

      • serverAddress - the address of the Kaspersky Security Center.
      • serverPort - the number of the port for mobile device synchronization to the Administration Server via the specified address.
      • vsrv (optional) - the Virtual Administration Server.
      • groupName (optional) - the name of the subgroup in the Unassigned group.
      • eulas (optional) - the list of the accepted EULAs (an array of binary identifiers, 16 bytes long).

      The connectionString parameter is no longer supported for KME (Knox Mobile Enrollment).

    2. To install Kaspersky Endpoint Security for Android via Knox Mobile Enrollment, the mobile device user must accept the terms of the Samsung License Agreement. You can view the terms of the Samsung License Agreement in the Privacy Policy, EULAs and Terms of Service section. You can also add other legal documents of your company that are necessary for deploying a Knox profile by clicking the Add legal agreement button.
  8. Click the Save button.

As a result, the new Knox profile with the Kaspersky Endpoint Security for Android app will be added to the list in the KME console.
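
A malformed Custom JSON data value only shows up once a device fails to connect to Kaspersky Security Center, so it is worth checking the string before saving the profile. The script below is an added example, not part of the Kaspersky or Samsung tooling; the function name validate_kme_json is hypothetical, and it assumes that all values are strings and that eulas is a base64 string, as the sample value above suggests.

```python
import base64
import json

REQUIRED = ("serverAddress", "serverPort")   # not marked optional on the page
OPTIONAL = ("vsrv", "groupName", "eulas")

# Sample value shown on the page.
PAGE_SAMPLE = ('{"serverAddress":"myServer.domain.com","serverPort":"12345",'
               '"vsrv":"virtualServerID","groupName":"MOBILE GROUP",'
               '"eulas":"cmFuZG9tYmFzZTY0c3RyaW5n"}')
# Constructed bad input for illustration.
BAD_SAMPLE = ('{"connectionString":"constructed-value","serverPort":"70000",'
              '"eulas":"not base64!"}')


def validate_kme_json(text):
    """Return a list of problems in the Custom JSON data string (empty = OK)."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top level must be a JSON object"]
    problems = []
    if "connectionString" in data:
        problems.append("connectionString is no longer supported for KME")
    known = set(REQUIRED) | set(OPTIONAL) | {"connectionString"}
    for key in sorted(set(data) - known):
        problems.append(f"unsupported field: {key}")
    for key in REQUIRED:
        # Assumption: values are non-empty strings, as in the page's sample.
        if not isinstance(data.get(key), str) or not data[key].strip():
            problems.append(f"missing or empty required field: {key}")
    port = data.get("serverPort")
    if isinstance(port, str) and port.strip():
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            problems.append("serverPort must be a port number from 1 to 65535")
    if "eulas" in data:
        # Assumption: eulas is a base64 string, as the page's sample suggests.
        try:
            base64.b64decode(data["eulas"], validate=True)
        except (ValueError, TypeError):
            problems.append("eulas is not a valid base64 string")
    return problems


if __name__ == "__main__":
    for name, sample in (("page sample", PAGE_SAMPLE), ("bad sample", BAD_SAMPLE)):
        print(name, "->", validate_kme_json(sample) or "OK")
```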


Adding devices in Knox Mobile Enrollment

Devices can be added in the Knox Mobile Enrollment (KME) console in the following ways:

  • The vendor automatically adds devices in the KME console after the devices are purchased.
  • The administrator installs the Knox Deployment app from Google Play on their mobile device and migrates the Knox profile to users' devices using Bluetooth, Wi-Fi Direct, or a QR code.

After the device is reset to the factory settings, the Knox profile will be installed. After deployment of the Knox profile, the device will be automatically added in the KME console.

Adding a device through the Knox Deployment app

If you did not purchase your Samsung device from an official vendor, you can add the device to Knox Mobile Enrollment using Bluetooth, Wi-Fi Direct, or a QR code. This will require the administrator's mobile device that will be used to deliver Knox profiles to users' mobile devices.

To add devices using the Knox Deployment app, the following conditions must be met:

  • Depending on the selected delivery mode, Bluetooth or Wi-Fi must be enabled on the mobile devices.
  • The mobile devices must be connected to the internet.

To deliver a Knox profile using the Knox Deployment app:

  1. Install the Knox Deployment app from Google Play on the administrator's primary mobile device.
  2. Start the Knox Deployment app.
  3. Enter your Samsung account credentials to sign in.
  4. In the Knox Deployment window, configure the settings for deploying a Knox profile:
    1. In the Knox services section, select Knox Mobile Enrollment.
    2. Select the desired Knox profile from the list.
    3. Select the Deployment mode:
      • Bluetooth. Set the duration of Bluetooth connection and specify whether the Bluetooth connection is automatic or manual.

        When using Bluetooth, you can add a Knox profile to several devices at the same time.

      • Wi-Fi Direct. Specify whether the Wi-Fi Direct connection is automatic or manual. Then follow the instructions on the screen.
    4. Tap Start deployment.
  5. On the receiver device, draw a plus-sign (+) gesture on the Welcome window to initiate deployment.
  6. In the Knox Deployment menu that opens, select whether you want to use Bluetooth or Wi-Fi Direct to enroll a device:
    1. If you selected Bluetooth, approve the pairing request that appears on the primary device. Then the receiver device downloads the profile. Follow the instructions on the screen.

      After the Knox profile is installed, the new device will be added with the Bluetooth tag to the KME console.

    2. If you selected Wi-Fi Direct, follow the instructions on the screen.

      After the Knox profile is installed, the new device will be added with the Wi-Fi tag to the KME console.

  7. When the receiver device is configured, tap Finish deployment on the primary device in order to complete the enrollment.

After the device is reset to the factory settings, the Knox profile will be installed.

To deliver a Knox profile using a QR code:

  1. On the receiver device, draw a plus-sign (+) gesture on the Welcome window to initiate deployment.
  2. In the Knox Deployment menu that opens, select QR-code.
  3. In the KME Console, select the desired profile in the Profiles section.
  4. If there is no QR code next to the profile name, open the profile settings and click the Add a QR-code button on the second page.
  5. Follow the instructions on the screen and save the profile.

    The generated QR code appears near the profile name.

  6. Scan a QR code from the KME Console with the camera on the user's mobile device running Android 10 or later.

    After the Knox profile is installed, the new device with the QR-code tag will be added to the KME console.

After the device is reset to the factory settings, the Knox profile will be installed.

Adding a device through the vendor

Official vendors of Samsung devices can be registered in Samsung Knox. For the list of official vendors, visit the Samsung technical support website. The vendor automatically adds devices in the KME console for your Samsung account immediately after the devices are purchased. To have the devices added by the vendor, you must register the vendor in the KME console for your Samsung account. You will need a reseller ID to add the Samsung device vendor in the KME console. To receive the reseller ID, you must send a request to the vendor. In the request, specify your Knox client ID.

To view your Knox client ID:

  1. Sign in to the Samsung Knox console > Knox Mobile Enrollment.
  2. Select the Resellers section.
  3. Your ID is displayed in the Knox Customer ID field.

After you receive a response from the vendor with the reseller ID, register the vendor in the KME console. Prior to registering the vendor, you can create a Knox profile so that the profile can be automatically deployed when adding new devices.

To register an official vendor in the KME console:

  1. Sign in to the Samsung Knox console > Knox Mobile Enrollment.
  2. Select the Resellers section.
  3. Click the Register reseller button.

    The window for registering the device vendor opens.

  4. In the Reseller ID field, enter the ID received from the official Samsung device vendor.
  5. If you created a Knox profile, select the Knox profile in the vendor registration window.

    When you add new devices, the Knox profile is automatically installed.

    For more information about configuring other settings, please refer to the Samsung technical support website.

  6. Click OK.

The Samsung device vendor will be added to the list of vendors in the KME console.

After new devices are purchased from the official vendor, Kaspersky Endpoint Security for Android will be automatically installed on the devices after the devices are connected to the internet. For more details about working with Knox Mobile Enrollment, please refer to the Knox Mobile Enrollment User Guide. If you already have a list of devices in the KME console, add the Knox profile with the Knox app to the device.


Installing the app

Prior to installing Kaspersky Endpoint Security for Android, issue a mobile certificate for mobile device users in the Kaspersky Security Center Web Console. A mobile certificate is required for identifying the mobile device user in the Kaspersky Security Center Web Console.

To deliver the Knox profile to devices:

  1. Sign in to the Samsung Knox console > Knox Mobile Enrollment.
  2. Select Devices > All devices.
  3. Select the devices on which you want to install the Knox profile.

    The Device info window opens.

  4. In the Profiles list, select the Knox profile with Kaspersky Endpoint Security for Android.
  5. In the Tags field, enter tags for grouping and labeling devices, and for search optimization in the KME console.
  6. Enter the user account credentials of the device into the User ID and Password fields.

    Account credentials are required for receiving a mobile certificate. The user ID and password must match the user account credentials in Kaspersky Security Center (Name and Password in the user account properties).

    To receive a mobile certificate only with a password and without a login, enter the "DO_NOT_USE_LOGIN" value in the User ID field. Kaspersky Endpoint Security for Android will not use the login to request a certificate.

  7. Select the Knox profile for the remaining devices.
  8. Click the Save button.

After the device is reset to the factory settings, the Knox profile will be installed.

After deployment of the Knox profile is started, the APK installation file will be automatically downloaded on the mobile device. Installation of Kaspersky Endpoint Security for Android starts automatically. No additional configuration of the app is required. After the initial setup of the device is performed and the app is installed, synchronization with Kaspersky Security Center will be performed automatically. The mobile device will be added to the Kaspersky Security Center Web Console.
