Complete Mobility Management Solutions for Samsung SAFE and KNOX Devices

AirWatch provides complete management for Samsung for Enterprise (SAFE) and Samsung KNOX Galaxy S smartphones, Galaxy tablets and Galaxy Note devices. SAFE devices are enterprise ready with enhanced device-level security and management capabilities. KNOX devices offer enhanced security and management capabilities at a container level. With AirWatch, you can remotely manage settings, policies, applications and functionality for SAFE and KNOX devices.

AirWatch allows you to manage Samsung devices through native capabilities supported by the platform and Samsung-specific APIs. The functionality below is specific to Samsung devices and is available through AirWatch integration with Samsung APIs. To view a list of the native Android functionality supported, please visit the Android page.

Samsung Platforms

Samsung SAFE

  • Device level management and security
  • Native user experience with enterprise-grade security
  • Designed for line-of-business devices and BYOD programs

Samsung KNOX

  • Application and container level management
  • Dual persona separates personal and corporate content and applications
  • Ideal for security-focused deployments

Device Level Policies

  • Passcode
  • Encryption
  • Restrictions
  • Email
  • VPN
  • Wi-Fi
  • Applications
  • Reporting
  • Remote Troubleshooting

Container Level Policies

  • User Authentication
  • Restrictions
  • Email
  • App level VPN
  • SSO
  • Approved applications
  • Certificates

Samsung SAFE

Samsung SAFE offers device level management and security designed for line-of-business devices and Bring Your Own Device (BYOD) programs. Administrators can configure device-level policies that include passcode, restrictions, encryption and reporting policies.


AirWatch helps secure Samsung SAFE devices with configurable settings for devices, encryption, and restrictions applied to applications, functionality, networks, roaming, web browsing and Secure Launcher. Device settings include password policy, lock screen and enterprise email account removal. For ultimate data loss prevention (DLP), administrators can require devices’ internal storage and SD cards to be encrypted with AES-256-bit standard, FIPS-140 compliant encryption. Hundreds of restrictions are available, including application restrictions for YouTube and Google Play; functionality restrictions for home key and cloud backups; and network restrictions for blacklisted Wi-Fi networks and unsecured Wi-Fi hotspots. Telecommunications, network and roaming restrictions can also be enforced.

Corporate Resources

AirWatch enables easy configuration of corporate resources on Samsung SAFE devices. Authentication certificates for Email, Wi-Fi and VPN can be silently installed and removed from devices, and native email clients can be configured for Exchange ActiveSync (EAS). To keep corporate content secure, copy/paste capabilities and email forwarding can be disabled, and certificate authentication can be required. Connections to VPN networks can be configured and minimum Wi-Fi security levels can be required. Users can also be required to use Wi-Fi when available to reduce roaming and data costs.


AirWatch enables you to manage, secure, deploy and track public, internal and purchased applications on Samsung SAFE devices. Administrators can silently install, update and remove internal applications to ensure users always have the latest app versions. Application data can be wiped over-the-air to protect corporate content, and pre-loaded apps.

Remote Management

AirWatch enables remote management and control of Samsung SAFE devices. From the admin console, administrators can lock devices, wipe devices, reboot devices and activate GPS radio over-the-air. Samsung SAFE devices also allow for remote view and control.

Samsung KNOX

Samsung KNOX offers container level security and management. A dual persona separates personal and corporate content and applications, making KNOX ideal for government and organizations with Bring Your Own Device (BYOD) programs. With AirWatch, you can enable container-level policies, including user authentication, browser restrictions and password policies, to protect your corporate data.

Container Management

Samsung KNOX enables container level management to create, remove and lock containers as well as reset passwords. Manage single sign-on (SSO) across corporate services inside the container. Define a list of allowed SSO apps and force users to re-authenticate.


Samsung KNOX includes automated security policies in the corporate container, including disabled screen capture, third-party app screen sharing and USB access to container storage. From the admin console, administrators can configure additional security policies, including pin/password and container-level administrator policies. Samsung KNOX also enables FIPS 140-2 compliant encryption.

Corporate Resources

AirWatch enables secure access to corporate resources from AirWatch Email Client for Android. Administrators can configure the native email client for Exchange ActiveSync, and secure email data and attachments. Configure password, signature and sync calendar, contacts tasks and notes. Disable HTML email and forwarding to other accounts. Administrators can also add VPN to either all or specified applications in the container. Configure data to automatically encrypt at-rest and in-transit, and manage single sign-on settings across corporate services inside the container.

Application Management

With AirWatch and Samsung KNOX, administrators can silently manage their internal apps. Install, update and remove internal apps and report all installed apps. Authenticate users using single sign-on before granting access.

Samsung KNOX Browsing

Administrators can set browsing restrictions for Samsung KNOX devices. Disable auto fill, popups, cookies and java script from the browser.