Deploying the Knox Service Plugin (KSP) as an Internally-Managed Application

The first step is to extract the restrictions.xml file to get a list of the key-value pairs required to create the XML file.

1. Download the Windows wrapper script and save the file as apktool.bat. Then, download the apktool.
2. Copy both files into a folder (name it APKTool) in C:\Documents.
3. Navigate to Environment Variables (This PC > Properties > Advanced System Settings).
   
4. Select the system variable for the JAVA path and click Edit.
   
5. Add a new path that points to the folder containing the APK tool files.
   
6. Run the command apktool d using command prompt.
   

The next step is to build the XML file.

The previous command extracts the APK files to the Current Location\ (C:\KSP).

1. Open the app_restrictions.xml file located in C:\<App name>\res\xml.
   
2. Find the parameter that you want to configure and the corresponding key-value pair.
   
3. KSP follows a nested configuration. After you have added the parameter, for example, profileDexCustomization, then find the parent parameter under which it is nested. Note the restrictionType (see yellow highlighted values in the previous screenshot) because you must create XML tags to form the nested XML file, as shown in this example.
   

The final step is to create an Android device profile and apply the KSP app configuration to the device.

1. In the Workspace ONE UEM console, create an Android device profile (Devices > Profiles & Resources > Profiles > Add).
   
2. Add a Custom Settings payload and paste the XML file that was built in the previous step.
   
3. Save and Publish the profile to be pushed to assigned devices.