Since Android 5.1 (Lollipop), Android devices have had so-called Android Device Protection or Factory Reset Protection (FRP). This is automatically activated as soon as a Google account is set up on an unmanaged device. FRP serves as anti-theft protection and becomes active if, for example, an unauthorised person resets the device to factory settings manually and not through the menu. When the device is restarted, it will be necessary to log in using the last Google account used on the device. Without that login, it will not be possible to reconfigure the device.
On MDM devices, FRP is disabled by default because Managed Google Play Accounts do not have classic Google accounts (so email address and password are not known). However, FRP can be enabled with the Policy Factory Reset Protection (FRP). In this How-To we show you how to enable FRP and define up to three Google accounts that can be used to unlock a device after a hard reset.
- Select Control Panel→ Policies in the management console. Click on the plus sign to create a new policy.
- Select Android Enterprise Policies as the policy you want to add.
- Open the Fully Managed Device tab.
- Check the Factory Reset Protection (FRP) checkbox (arrow in illus.) and enter the Google Account IDs and the corresponding email addresses for the Google accounts of up to three administrators.
You then assign the new policy to the users:
- To do so, select the appropriate policy and click on Assign.
- Now select the users, groups or devices to whom you would like to assign the policy.
Note! If a device is reset to factory settings through the management console, FRP will be automatically deleted. So, you are no longer prompted for the Google account to reconfigure the device. However, the situation is different if the device is in lost mode. In that case FRP will not be deleted during a full wipe. That means the device will be unusable if is stolen.
Finding a Google Account ID
- Open the following link in the browser.
- Then click on Execute (arrow in illus.).
- Next, log in with you Google account and, in the Google APIs Explorer wants to access your Google Account window, and click on Allow.
- You will then find your Google Account ID below to the right in the window (arrow in illus.).