This post is authored by Arnab Biswas, Program Manager, Microsoft 365 Security.
Managing company-owned Android devices just got easier. Today, Microsoft Intune is announcing support for enrollment of Samsung devices using Knox Mobile Enrollment. You can now procure, configure and manage Samsung devices on behalf of the company and enroll them centrally before delivering to users. With the combination of Intune and Knox Mobile Enrollment, your end-users enjoy a faster Intune onboarding experience with fewer clicks and no Android system prompts. This capability currently supports device admin for enterprise use and will be extended to device owner enrollments in a forthcoming release.
IT admins can configure MDM profiles in the Knox Portal by simply selecting the Intune Company Portal app, and optionally, associating usernames with devices. For the end-user, the Intune enrollment experience is seamlessly integrated with the out-of-box set-up experience. When the device is connected to the Internet for the first time, it automatically installs and launches the Intune Company Portal app and enrolls to Intune as part of new device set-up experience. If IT admin has associated the username and device, it is pre-populated in Company Portal. End-users then only need to enter their work or school account password to enroll devices. Pre-populated username also prevents enrolling using a different username after the device has been factory-reset or removed from Intune management by the end-user.
IT admins also have the flexibility to enroll devices to Intune using Device Enrollment Manager (DEM) accounts. Enrolling to Intune without using a username and password is currently not supported. In the future, Intune will add support for user-less cases in the kiosk/COSU (Corporate-Owned, Single-Use) scenarios in Android enterprise enrollment.
When enrolling a device using Knox Mobile Enrollment, Android system permissions (device administrator and phone call permissions) are auto-granted to the Intune Company Portal. While a Google account is not necessary to enroll to Intune using Knox Mobile Enrollment, it is required for updating Intune Company Portal to the latest version. User must have an Intune license to use Samsung Knox Mobile Enrollment on Knox 2.4 or higher; no other licensing is required. Knox Mobile Enrollment is supported with Intune’s Android Company Portal v5.0.4044.0 that starts rolling out this week.