Forum Discussion
Intune Management Capabilities for Samsung Devices
Dear Team, Greetings,
I would like to better understand the management capabilities available for Samsung Android devices, with Intune . Specifically, I am looking for clarity on whether these devices can be fully managed through Intune instead of relying on the Samsung Knox management tool, including support for application deployment, patch distribution, firmware updates, and other administrative functions.
Any slides reference would be good for my internal discussion ?.
6 Replies
Intune can manage Android Enterprise devices using the Android Management API. This includes Work Managed, Work Profile (Corporate or Personally Owned).
Control over app or firmware updates is currently generally limited on Android Enterprise (e.g., compared to Samsung specific solutions like KNOX E-FOTA).
https://learn.microsoft.com/en-us/intune/intune-service/enrollment/connect-intune-android-enterpriseI would recommend that you identify all your requirements for a UEM and then compare the products. If you have minimal requirements and are using an E3/E5 license, Intune could be an option. If you have a more complex environment or processes, you should take a closer look at Intune before changing over.
I've never seen Knox Manage myself, but I can well imagine that it performs better and offers a few more features for Samsung/AndroidEnterprise. Personally, I wouldn't recommend Intune, but whether it makes sense for you depends on your requirements.
Intune and Samsung are an okay match as long as you use the OEMconfig option, other than that Intune isn't the most advanced MDM you can get regarding configuration and stability.
As Alex_Muc mentioned, the best way to create a good solid business case for your internal discussion would be to write down what the organisation expects from a device. What does it need to do and what not. When you have that clear, you can match it with options an MDM offers. They do not all offer all API's that you might need.
You can look for features here: https://developers.google.com/android/work/requirements
And than check the following link to see what MDM's match the standard or advanced criteria that you need: https://androidenterprisepartners.withgoogle.com/emm/
Thank you very much for your expert advice. I have reviewed the Dedicated device management Intune capability: https://androidenterprisepartners.withgoogle.com/provider/#!/75, which is categorized as ADVANCED management. However, even without Samsung Knox, if I can fulfill the minimum requirements such as pushing apps, remotely updating firmware, applying security patches, and ensuring essential device management, that would be a solid starting point. I agree that Samsung Knox may offer greater capabilities for Samsung devices.
Intune isn't your most stable solution for kiosk solutions, it does check all the boxes to get advanced but it just isn't very good at it. It needs some love and attention which MS is not giving it. But yes, it works.
Firmware management is very basic, and you need an extra license for it I believe. More information here:
https://developer.android.com/work/dpc/system-updates#set-policy
E-FOTA (for samsung), and some other OEM's, offer much more options. Knox isn't your only option here, SOTI, Omnissa are others worth investigating. But as said, focus on the things that are most important to you and look for a solution that fits those demands the best. Intune is nice, since your problably already have a license, but that should not be the main goal.
Just to add to Michel s post (i won't to dig into the Intune thing here, all here know my opinion), do POC's with different MDMs.
POC's are most likely during the testing time cost free but you will definitely see the gain of using any other MDM than Intune (hmm, ok, i didn't make it here without hitting them a bit at least 😇).
If you stay with Samsung and want to in future, Knox is definitely something to look into but there are many other possible solutions out there if you don't want to nail you down to one manufacturer.
And to make an important note: It's not easy/low impact to switch from one MDM to another if you figure out later you made wrong/bad choice. It's not to scare but making you aware of to think more about the system you want to use than just the "free" license.
