Samsung Knox MDM

By downloading an XML file from Umbrella and then uploading it to your Knox system, Knox is able to push configuration information to both the Cisco Secure Client and Umbrella so that your Android device is registered with Umbrella. The result is that your Android device is protected by Umbrella.

For information about configuring Knox, see Knox's documentation.


Samsung Knox Details

For more information about using the Cisco Umbrella AnyConnect module with the Samsung Knox Mobile Device Manager, see Knox documentation, which is available online at the Samsung Knox support website.

Table of Contents


  • An Android Enterprise compatible device deployment. The legacy Device Admin (DA) system is not supported at this time
  • Android mobile devices running Android OS version 6.0.1 and above. Devices examples are Samsung, Google, and Motorola. FireOS devices and other Android forks are not supported.
  • An MDM for deploying the software; in this case, Samsung Knox.
  • Access to an Umbrella subscription including mobile device coverage.
  • A network meeting access requirements.
    • Access over UDP 53 and UDP 443 to from the device.
  • For on-network scenarios, Trusted Network Detection (TND) may also be used to disable the client on network and pass traffic to a Virtual Appliance. The following prerequisites apply:
    • All VAs in use are defined by FQDN (IPs entered will not allow the client to go into trusted network mode) in the umbrella_va_fqdns configuration property.
      • The format for this field is comma separated, for example, (,
    • VAs must be registered to the same Umbrella organization as the Android devices.
    • HTTPS mode for user events enabled on the Virtual Appliance.
      • If the VA’s FQDN is not publicly signed, the self-signed root certificate for the VA domain used for HTTPS mode on the VA must also be pushed to the Android device to sign the connection.
      • VA certificates should contain Subject Alternate Name (SAN) matching the VA’s configured domain to successfully communicate with the VA over HTTPS mode.
      • For more information on how to configure HTTPS mode on the VA, see Umbrella Virtual Appliance: Receiving User-IP mappings Over a Secure Channel.

Register with the Enterprise Mobile Manager (EMM)


Enroll Android Devices

  1. In the Knox dashboard, navigate to Users.
  2. Add necessary information and click Save and Request Enrollment.
  1. Install Samsung Knox Manage from the Google Playstore and enroll the device if it is not already enrolled.
  2. When the device is enrolled, follow the prompts to create the work profile mode.
  3. Verify that the device appears in the Knox Manage Device list.

Push the App

  1. In the Knox dashboard, navigate to Application > Add > Select Application Type.
  1. Select Public, search for AnyConnect in the Playstore and approve it.
  1. Click Assign. This assigns the application to the device.

Set Managed Configuration

  1. Set Managed Configuration.
  1. Add the Umbrella organization and registration token.
  1. Select the target group or organization and click Assign.

Create Profile in Knox Manage

  1. Navigate to Profile and apply application control settings.
  1. Verify that the applications pushed to the device appear.

Push User Identities

When user identities are pushed to Umbrella, you can identify and search users and devices. For more information, see Manage Identities.

Push the Umbrella Certificate

For information, see Push the Umbrella Certificate to Devices.

Manage Pop-Ups and App Controls

For information about configuring the client's deployment options, see Manage Pop-Ups and App Controls.

Microsoft Intune MDM < Samsung Knox MDM > Push the Umbrella Certificate to Devices