Overview
Last updated April 28th, 2025
The Samsung Knox Asset Intelligence for Sentinel solution provides enterprise IT admins and SecOps (security operations) teams with the ability to capture security telemetry data from Samsung Galaxy devices, and have that data converted into events and logs in Microsoft Sentinel.
Once this solution is deployed in Sentinel, IT and security administrators can configure on-device Security Logs to send security threat alerts directly to their Security Operations Center (SOC). This allows SOC analysts and enterprise security teams to view and manage these alerts, prompting effective triage, incident identification, and response efforts.
Prerequisites
To use this solution, you’ll need to have the following from Samsung Knox and Microsoft Sentinel:
Samsung Knox
- Samsung Knox account with access to Knox Asset Intelligence.
- A valid Knox Suite license.
- Samsung Galaxy devices running Android 15 (V) or higher, configured with a UEM/EMM in one of the following modes:
  - Fully managed (also known as Device Owner/DO) provisioning
  - Company-owned Personal Device (COPE) provisioning
Microsoft Azure
You’ll need to pre-configure several services in your Azure portal, including Microsoft Sentinel, Log Analytics workspaces, and Microsoft Entra ID, before proceeding with this integration. The following Azure services or resources are required:
- An active Azure subscription
- An Azure Resource Group created.
- A Log Analytics Workspace instance created and deployed.
- A Microsoft Sentinel instance created and deployed with the following Sentinel roles granted:
  - Sentinel Contributor
  - Microsoft Metrics Publisher
- Microsoft preview community (optional) to get access to support and resources.