Intune – Knox Platform for Enterprise (OEMConfig) claim your 2 year free license for Premium features

If you have been working with OEMConfig in Intune for Samsung devices you might have seen that there are some specific policies that says “Premium Features” on them when looking through the list of settings.

https://www.samsungknox.com/en/solutions/it-solutions/knox-platform-for-enterprise

How to claim your 2 year free license

Go to https://www.samsungknox.com/ and login if you have an existing account. If you don’t have an existing account you need to create it (which is free). Once created it usually takes a couple of days before it gets approved by your local Samsung branch. There’s a manual review process that goes on behind the scenes at Samsung which takes a couple of days but I have never encountered any problems with it or that it gets denied.

In the Knox portal, find the section that’s called “Knox Platform for Enterprise”. Hover the mouse over it and click on “Generate” to generate your free license key that’s valid for 2 years.

The key get generated and you can find over over at “Licenses” -> “Commercial Keys” and look for the one that’s called Knox Platform for Enterprise Premium

Creating a Premium policy that removes the Bluetooth toggle on a device

Create a new OEMConfig in Intune by navigating to Devices -> Android -> Configuration Profiles -> Create Profile and select Android Enterprise as platform and Profile type is OEMConfig

Read more about OEMConfig in Intune here:
https://docs.microsoft.com/en-us/mem/intune/configuration/android-oem-configuration-overview

Start with giving your Profile a name and enter the KPE Premium license key you generated from the Knox portal. Once that’s done click on Configure on the setting Device-wide policies (Selectively applicable to Fully Manage Device (DO) or Work Profile-on company owned devices (WP-C) mode as noted)

Note.
For testing purposes I recommend enabling Debug Mode as well, this will enable the KSP app on the device which will show you information on the configuration you tried to apply to the device.

configure the following settings:

Enable device policy controls” to True

And scroll down to the Device Settings (Premium) and click Configure

configure the following settings:

Enable devices settings controls” to True

Hide Settings Bluetooth” to True

And click on “Review + save”

Once saved, assign it to your group of users or devices

Under “Policies received” we can find information about which settings have been applied.

Here’s an before and after shot on the device

Before

After

What happens if you don’t have a license

If you don’t specify a valid license in your configuration

On the device and in the Knox Service Plugin (KSP) you’ll see something like this:

Package: com.google.android.apps.work.clouddpc
Result: Completed with errors

And under configuration results

Device Settings (Premium)
Message: [Permission error occured. Please check your license key has necessarry privileges and tr again.]
[13009][Permission com.samsuing.android.knox.permissions.KNOX_CUSTOM_SETTING, com.samsung.android.knox.permission.KNOX_CUSTOM_SYSTEM missing]

And of course the bluetooth setting is still available for the device.

That’s it for now, Don’t forget to follow me on twitter @timmyitdotcom

Leave a Reply