Mobility-focused IT managers know the benefits of mobile device management (MDM) and enterprise mobility management (EMM) solutions for their fleets of smartphones and tablets. With little effort, they can secure devices, update software and change policies and configurations. But there’s still one time-consuming task on the list: linking devices to the MDM/EMM tools.

Each MDM/EMM tool works differently, but generally, enrollment requires the end user to find and install a software package from the application store, enter some company-specific information and then log in with their enterprise credentials to link the device to the MDM/EMM portal. If the device serial number wasn’t preloaded by the IT manager, someone has to log in to the MDM/EMM tool and select the correct profile for the user.

To shorten the road to mobile security, look to Knox Mobile Enrollment.

How Does It Work?

Knox Mobile Enrollment (KME) is a cloud-based service that is integrated into all Samsung smartphones. KME depends on two bits of wizardry: a preloaded list of serial numbers attached to a company, and Samsung Knox-enabled devices automatically connecting to the KME service when they are first turned on.

The first magic piece relies on resellers working with companies to simplify device setup. When an IT manager wants to use KME, they set up a company account on the KME service, and then authorize their preferred Samsung reseller to add devices to their KME environment. When the reseller is about to ship devices, they load the serial numbers into their KME portal and associate them with the company buying them, which activates them in the KME portal. In effect, the IT manager knows the serial numbers of their devices before they hit the loading dock and can even assign devices to particular users, sight unseen. The whole process seems even more magical when a reseller drop-ships a device directly to the end user, because the device begins the KME process and learns which company owns it the moment it is turned on.

That’s the second bit of wizardry: the Samsung mobile device itself. When the device is first booted and has an internet connection, whether through Wi-Fi or a carrier’s data network, it connects to a known Samsung KME server, sending up its serial number. If the serial number is known and mapped to a company, then the whole mobile enrollment process starts immediately.

Flexible Functionality

In between shipment and enrollment, IT managers have to build a profile for the device so that it can enroll into their preferred MDM/EMM toolkit. KME supports almost two dozen different MDM/EMM tools, including the usual big names: VMware, MobileIron, Microsoft, BlackBerry, Citrix, IBM, Kaspersky, Sophos and — of course — Samsung’s own cloud-based EMM solution.

KME profiles have only a few settings, as the goal is just to get the device enrolled into the MDM/EMM and not be a full configuration toolkit. IT managers have to specify which MDM/EMM they are using, any MDM-specific information that is needed, whether or not the MDM/EMM enrollment and setup wizards are optional and how the user will be authenticated to the MDM/EMM tool.

KME includes a variety of authentication options flexible enough for most environments. IT managers can require end users to provide their own username and password to finish the enrollment, use a single shared credential to get the enrollment process running or — for MDM/EMM tools that support it — use a one-time password generated by the MDM/EMM tool to securely link to a particular user without asking for a password. IT managers can even load usernames and passwords into KME, which works well for dedicated single-application devices installed into kiosks.

For end users, KME speeds up the process of getting started with their new smartphone. For IT managers, it ensures that devices start with a secure configuration from the first boot and are immediately linked to the enterprise MDM/EMM tool. It’s a win-win solution.

Oh, one more thing: it’s completely free.
