Product Documentation

To add a remote support device policy for Samsung KNOX

Feb 13, 2015
You create a remote support policy in XenMobile to give you remote access to users' Samsung KNOX devices. You can configure two types of support:
  • Basic, which lets you view diagnostic information about the device, such as system information, processes that are running, task manager (memory and CPU usage), installed software folder contents, and so on.
  • Premium, which lets you remotely control the device’s screen, including control over colors (in either the main window, or in a separate, floating window), the ability to establish a Voice-over-IP session (VoIP) between the help desk and the user, to configure settings, and to establish a chat session between the help desk and the user.
Note: To implement this policy, you must do the following:
  • Install the XenMobile Remote Support app in your environment.
  • Configure a remote support app tunnel. For details, see To add an app tunneling device policy for Android.
  • Configure a Samsung KNOX remote support device policy as described in this topic.
  • Deploy both the app tunnel remote support policy and the Samsung KNOX remote support policy to users' devices.
  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.

    Select Policies page

  2. Click Add to add a new policy. The Add a New Policy dialog box appears.

    Select remote support

  3. Click More and then, under Network access, click Remote Support. The Remote Support Policy page appears.

    Remote support device policy information page

  4. In the Policy Information pane, enter the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Optionally, type a description of the policy.
  5. Click Next. The Samsung KNOX platform information page appears.

    Samsung KNOX remote support device policy information page

  6. In the Samsung KNOX platform information page, enter the following information:
    1. Remote support: Select Basic remote support or Premium remote support. The default is Basic remote support.
  7. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.

    Deployment rules

    1. In the lists, click options to determine when the policy should be deployed.
      1. You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
      2. Click New Rule to define the conditions.
      3. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
      4. Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
    2. Click the Advanced tab to combine the rules with Boolean options.

      Advanced deployment rules with base rules

      The conditions you chose on the Base tab appear.
    3. You can use more advanced Boolean logic to combine, edit, or add rules.
      1. Click AND, OR, or NOT.
      2. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

        At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

      3. Click New Rule again if you want to add more conditions.

        In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

        Advanced deployment rules complete

  8. Click Next. The Remote Support Policy assignment page appears.
  9. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.

    Policy assignment page

  10. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.

    Deployment schedule

  11. Click Save to save the policy.