The Android Hub Settings page lets you configure various options that affect the Android Hub mobile app. Adjusting these intervals can impact battery life, with smaller values equating to more frequent pings and greater power consumption.

To access the Workspace ONE Intelligent Hub Settings navigate to Groups & Settings > All Settings > Devices & Users > Android > Hub Settings.

  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.


Setting Descriptions
Heartbeat Interval (min) Enter the heartbeat time interval, which is how frequently the Workspace ONE Intelligent Hub checks in with the Workspace ONE UEM server. Reports beacon data to the Workspace ONE UEM console. The primary purpose of this report is to show compromised device status. However, beacon data also includes IP address and other data, such as model and OS version.
Data Sample Interval (min) Enter the data sample time interval, which is how frequently the Workspace ONE Intelligent Hub collects data from the device. Collects interrogator data and reports all data collected by the Workspace ONE Intelligent Hub, including Telecom and Network data, as well as the battery, power and memory status.
Data Transmit Interval (min) Enter the data transmit time interval, which is how frequently the Workspace ONE Intelligent Hub sends data to the Workspace ONE UEM server. Reports interrogator data to the Workspace ONE UEM console. This value should always be greater than the Data Sample Interval value.
Profile Refresh Interval (min) Enter the profile refresh time interval, which is how frequently the device profile list for the device is refreshed on the Workspace ONE UEM server. Checks in with the Workspace ONE UEM console for profile updates or new profiles.
Require Google Account Require a Google Account to leverage Google Cloud Messaging (GCM) to send remote commands to devices. Only deselect this option if you are utilizing AWCM.
Require Phone Number Enable an additional prompt during enrollment. This phone number is recorded in Workspace ONE UEM to serve as a backup contact number in case devices are lost, turned off or do not have access to Internet.
Block User Unenrollment

Select this option to ensure end users cannot unenroll their devices by disabling the 'Unenroll' option in the Workspace ONE Intelligent Hub menu.

On Samsung devices using Android Legacy, this will also prevent Device Administrator deactivation for the Workspace ONE Intelligent Hub.

Device Services Version Displays OEM service version.

Application List

The Application List detects specific, blacklisted apps that are installed on a device, or detect all apps that are not whitelisted. You can either specifically prohibit certain apps, such as social media or entertainment apps, or specifically permit only the apps you specify, such as internal applications for business use.

Setting Description
Application List Interval (min) Enter the frequency at which the Workspace ONE Intelligent Hub checks the application list.


Setting Description
Install Options Select how end users will be prompted to install new internal applications. You can provide a Direct Prompt, a Status Bar Notification, or opt to have No Notification.
SafetyNet App Verification Enable to allow app verification which scans apps installed on the device before they are downloaded to detect potentially harmful apps.
When enabled:
  • The scan runs whenever an app is installed or removed from device.
  • Users cannot disable app verification on device.

This setting also works in conjuction with the restriction setting in the Android Restrictions profile in the UEM console.

Samsung Knox

For more information about these settings or Samsung Knox in general, refer to the VMware AirWatch Containerization with Samsung Knox Guide.

Setting Description
Enable Containers This field enables Knox containers for Android(Legacy) enrolled devices.

When Android EMM registration is configured, enabling containers enrolls devices into Android(Legacy) management and activates Knox Play for Work configuration on Samsung devices.

Knox License Key Enter your Samsung Knox License Key. This field is independent of the Enable Containers field.

You can enter a Knox License Key without enabling Knox containers to activate licenses for Android Enterprise enrolled devices.

If your users have a custom Knox license key and a custom URL that points to an activation server, use the following format to properly configure the device to activate the Knox License Key:



If you no longer need the access to Samsung Knox licenses, you can clear the Knox License Key in the Android Hub Settings page by adding a placeholder value, such as 1111. Clearing the key prevents error messages resulting from invalid or inactive keys being accessed by Hub.

Note: Clearing the key for existing devices may cause devices to lock indefinitely which then requires a factory reset of the device. Use caution when clearing the Knox License Key field.

For using Samsung devices on a closed network, you will need to use a Backward Compatible Key in addition to the Knox License Key to bypass the ELM license activation. Here is the needed information and format for this setting:

Format: KLM#url,BCK

During enrollment, the Workspace ONE Intelligent Hub for Android activates both keys to unlock the premium Knox Platform for Enterprise capabilities and will proceed with enrollment.

You can read up on How to Deploy Corporate Owned Android Devices on a Closed Network on VMware docs.

Enable Audit Logging

Select Enabled to turn on audit logging and the related settings below.

The Workspace ONE UEM console has the ability to monitor errors that might prevent successful creation of the Knox container. The log provides the cause of the error and what needs to be resolved for successful Knox deployment.

The audit logs are sent to the UEM console from the Knox enabled devices and stored in the Device Details page. The Transmits Logs Automatically setting determines the threshold at which the log file is reported to the device details.

Logging Level

Determines how severe an error has to be in order for it to be sent to the log file. The logging levels are listed in order or severity where notice is the least severe and alert is the highest.

  • Alert
  • Critical
  • Error
  • Warning
  • Notice
Critical Log Size Enter a percentage (up to 70 percent) to define the critical log size. When the log file passes this percentage, a critical log size alert is sent to the admin.
Maximum Log Size Enter a percentage (up to 90 percent) to define the maximum log size. When the log file passes this percentage, a maximum log size alert is sent to the admin.
Full Log size Set to 97 percent by default. When the log file reaches this percentage, a full log size alert is sent to the admin and immediate action is required.
Transmits Logs Automatically

Determines when the audit logs are to be transmitted to the console to notify the admins of errors.

  • Never – The log file will never be sent transmitted to the console.
  • Critical – The log file needs be at critical size to be transmitted to the console.
  • Maximum – The log file needs be at maximum size to be transmitted to the console.
  • Full – The log file needs be at full size to be transmitted to the console.
Table 1. Location
Setting Description
Collect Location Data Enable to allow the to determine the device location based on a device's Wi-Fi network. When available, the Workspace ONE Intelligent Hub will report the location to the Workspace ONE UEM console using the Data Transmit Interval.
Force GPS On Prevent the user from turning off GPS for certain devices.
GPS Time Poll Interval (min) Enter the interval, in minutes, for which a time sample gets signaled. The minimum time is five minutes.
Location Data Accuracy This settings allows you to configure how location data is collected from the Workspace ONE Intelligent Hub while deciding how to use the battery power.

Balanced: Provides the best balance of power and accuracy with about 100 meters of accuracy.

High Accuracy: Provides the best possible accuracy, but requires the most power.

Low Power: Requires a lower amount of power with about 10 kilometers of accuracy.

No Power: Provides the least amount of accuracy and requires no power.

For Location services: If your device is in power saving mode, the location data might not be updated during Doze Mode. You will need to use the Restrictions profile in the UEM console and add **Allow Location Service Configuration** to the allow list or use OEM Config to disable Doze mode entirely.


Enable specific Telecom settings like Call Logs, SMS Logs and Cellular Data Usage to allow logging and tracking of device use.

Setting Description
Enable Call Logs Collects information from incoming and outgoing phone calls made devices registered with Workspace ONE UEM.
Enable SMS Logs Reports that log any incoming and outgoing SMS messages to devices.
Enable Cellular Data Usage Allows the Workspace ONE UEM console to create reports which details data usage.

Suspicious Activity Logs

When Suspicious Activity Log settings are enabled, devices will log every Bluetooth and USB connection that occurs except Bluetooth headsets and USB charging. To access Suspicious Activity Logs, Syslog settings must be correctly configured. For more information on Syslog configuration, see System / Enterprise Integration / Syslog

Setting Description
Bluetooth Connections Logs all bluetooth connections made except for Bluetooth headsets.
USB Connections Logs all USB connections made except for USB charging ad USB headsets.

You must also enable Privacy and Location settings under Devices & Users > General > Privacy under the GPS section.

AirWatch Cloud Messaging

AirWatch Cloud Messaging (AWCM) provides an internal communication solution for the entire Workspace ONE UEM solution as a comprehensive replacement for Google Cloud Messaging (GCM).

Setting Description
Use AWCM Instead of C2DM As Push Notification Service Set to Enabled to enable AWCM.
AWCM Client Deployment Type. Set to Always Running if you want the system and device have a constant and ongoing line of communication.
AWCM Client Timeout Value (Mins) Determines how much idle time can pass before the client responds to the AWCM server.

Remote Management

Remote Management allows you to directly control a device for troubleshooting or to ensure a device is properly provisioned.

Setting Description
Download Remote Control Cab Select this link to download the cabinet (CAB) installer file for Workspace ONE UEM Remote Management.
Seek Permission

Enable Seek Permission if you want to prompt the end user to accept or decline the remote management request from the admin.

  • Enter a Seek Permission Message that the end user sees when a remote request is sent.
  • Enter the Yes Caption message for the accept button the end user sees on the Seek Permission request.
  • Enter the No Caption message for the decline button the end user sees on the Seek Permission request.

Product Provisioning

  • Job Log Level – A job occurs whenever files/actions are performed as part of product provisioning. With this setting, you can set the level of the job log level to meet your organization's logging level needs.

SDK Profile

Enterprises can integrate any existing company specific apps with the use of an AirWatch Software Development Kit (SDK). Select which SDK profile to deploy to your devices by using the SDK Profile V2 option in the Workspace ONE Intelligent Hub settings.

  • SDK Profile V2 – Select the profile that will provide the Workspace ONE Intelligent Hub with the SDK settings configured for that organization group.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.