Android Enterprise Factory Reset Protection (FRP)
The Codeproof EMM platform offers Android factory reset protection (FRP) for managed devices. Enterprise factory reset protection secures the device against an unauthorized factory reset (such as an external hardware reset using Volume Key + Power Key). With enterprise FRP, the MDM administrator can assign one or more Google accounts that must be used to authenticate after an unauthorized factory reset. The default built-in consumer factory reset protection is designed to deter device theft by forcing Google sign-in after an unauthorized factory reset. However, it relies on an active Gmail account on the device, and it may not work in the enterprise-provisioned scenarios below.
1. Devices with no active Gmail account
By default, Android uses an existing Google account on the device to authenticate after an unauthorized factory reset. However, in many cases, such as Kiosk mode or COSU scenarios, there may not be any Gmail account active on the device. In this case, enterprise factory reset protection is required to protect the device from being stolen and re-provisioned.
2. Devices with active Gmail account
In an enterprise environment, even when active user Gmail accounts exist on the device, the IT administrator needs the end user's Gmail credentials to authenticate the device after an unauthorized factory reset. If the organization doesn't know an employee's account credentials (for example, the employee is no longer in the organization), factory reset protection can block the organization's ability to issue the device to another employee.
Below are the steps to enable enterprise factory reset protection.
- Log in to the Cloud Console.
- Go to “Mobile Policy Manager” from the top menu.
- Select a single device or a group of devices from the left pane.
- On the right-side pane, go to the “Enterprise Factory Reset Protection” tab.
- Click the “Enable” check box, then click “Add Account” to add Google accounts. You can add one or more Google accounts.
- Click “Save” to save and publish the policies instantly.
Mobile Policy Editor:
Selecting the Google Accounts:
The Device Property below shows the FRP status of the device.
In the above picture, the value “default” means no enterprise FRP account has been added. The device will use the user's Gmail account for factory reset protection.
In the above picture, the value “false” means enterprise factory reset protection is disabled on the device.
In the above picture, a value containing the account ID number indicates that a Google account has been added as part of enterprise factory reset protection.
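The three status values above can be checked across a fleet. The script below is an added example, not Codeproof code: it flags devices whose FRP status leaves them in one of the two scenarios described earlier, or that carry an FRP account outside an approved list. The inventory layout, the comma-separated form for multiple account IDs, and all names and IDs are assumptions constructed for illustration.

```python
import re

# Hypothetical approved enterprise FRP account IDs (constructed values).
APPROVED_FRP_ACCOUNTS = {"100000000000000000001", "100000000000000000002"}

# Constructed inventory rows: (device, FRP status property, user Gmail account present)
SAMPLE_INVENTORY = [
    ("kiosk-01", "default", False),
    ("phone-07", "default", True),
    ("tablet-03", "false", True),
    ("phone-12", "100000000000000000001", True),
    ("phone-15", "100000000000000000001,999999999999999999999", False),
]

def classify_frp(status, has_user_account):
    """Return (state, finding) for one device; finding is None when nothing needs review."""
    value = status.strip().lower()
    if value == "default":
        # No enterprise account: protection depends on a user Gmail account.
        if has_user_account:
            return "consumer", "unlock after reset depends on the end user's credentials"
        return "unprotected", "no enterprise FRP account and no Gmail account on device"
    if value == "false":
        return "disabled", "enterprise FRP is disabled"
    # Assumption: multiple account IDs appear as a comma-separated list of digits.
    ids = [part.strip() for part in value.split(",") if part.strip()]
    if not ids or not all(re.fullmatch(r"\d+", i) for i in ids):
        return "unknown", "unrecognized FRP status value"
    unapproved = sorted(set(ids) - APPROVED_FRP_ACCOUNTS)
    if unapproved:
        return "enterprise", "unapproved FRP account(s): " + ", ".join(unapproved)
    return "enterprise", None

def audit(inventory):
    """Return (device, state, finding) for every device that needs review."""
    findings = []
    for name, status, has_account in inventory:
        state, finding = classify_frp(status, has_account)
        if finding:
            findings.append((name, state, finding))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(" | ".join(row))
```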