Samsung Knox will support OEMConfig, and is eyeing more IoT support
Samsung outlines their tactical and strategic plans to continue the success of Knox.
Last November, I posed the question: After Knox, what’s Samsung’s next big hit in the enterprise? This week at Mobile World Congress 2019, we got some answers about the next steps for Knox. (So, we can consider this the enterprise followup to last week’s Samsung UNPACKED event, where they revealed new devices.)
In enterprise mobility management, Samsung Knox will continue its embrace of Android Enterprise by supporting OEMConfig. And at a broader level, Samsung is planning that all of the connected devices it sells will support Knox. Let’s take a closer look.
Samsung Knox and OEMConfig
Samsung announced OEMConfig support in a joint blog post with Google, though Jason Bayton’s deep dive on OEMConfig (which you should read) indicates that Samsung had previously confirmed their intentions.
In short, by using managed app configurations and a privileged system app, OEMConfig enables any EMM vendor that supports Android Enterprise to also support custom MDM APIs that device makers sometimes add on top of the core Android Enterprise APIs. Samsung is calling their OEMConfig app the Knox Service Plugin.
This makes life way easier for EMM vendors and customers, as they can use Samsung’s new Knox features and APIs as soon as they come out, without any extra custom development. In turn (in theory), vendors could then shift engineering resources to other features on their roadmap, which would be any product manager’s dream.
A year ago, Samsung “unified” Knox 3.0 with Android Enterprise by eliminating redundant Knox APIs in favor of the the equivalent Android Enterprise APIs. Again, this was a move that has probably saved a lot of resources for EMM vendors and Samsung.
This leaves Knox Mobile Enrollment as the last major Samsung management components that haven’t been unified with their Android Enterprise equivalent—in this case, Android Enterprise zero-touch.
I imagine that this last step would involve rebuilding a lot of Samsung’s infrastructure, but we’ll see what happens in the next year or two.
For now, Samsung and Google will jointly release a library that allows device resellers to support both Knox Mobile Enrollment (components of which are also called the Knox Deployment Program) and Android Enterprise zero-touch.
At least one general tech blog reported that Samsung devices were joining the Android Enterprise Recommended program, but this is incorrect, and Samsung devices are still not part of Android Enterprise Recommended. (That's what you get with official programs like this—sometimes the most prominent players aren't involved. Of course, Samsung has been popular in the enterprise for years, and will continue to be, so the lack of the AER badge probably won't hurt them.)
Knox in more places
Knox has been expanding into other devices (like commercial displays), but this week Samsung also said they’re going to take this further, writing: “Our objective is to include KPE [Knox Platform for Enterprise] in every network-connected enterprise device that we manufacture.” This will include 5G microcells and IoT devices.
Samsung is also going to expand Knox’s security analytics capabilities. We’ll watch out to see how this plugs into platforms like Workspace ONE Intelligence Trust Network and Citrix Analytics.
What’s next?
The Knox expansion strategy completely makes sense, so it isn’t too surprising. Like I wrote back in November, the entire industry is trying to figure out what’s next after smartphones, but Samsung is inherently well positioned given their broad portfolio and all they’ve done with Knox so far. In the meantime, it’s great to see them embracing more of Android Enterprise.
