Factory Reset Protection
When a device is setup using EMM method (afw#mobilock), it does provide extra security in the sense that user’s cannot uninstall the MobiLock Pro app, but it leaves one gap that user’s can still Factory reset the device using OEM specific hardware key combinations.
Factory Reset Protection (FRP) for EMM devices, enables an organization to prevent the misuse of devices against unauthorized Factory resets on the devices. So that even if the user factory resets a device, they would still need a pre-authorized set of GMail accounts to complete the setup on device after factory reset.
This tutorial guides you through the process of setting up Factory Reset Protection (FRP) on your Dashboard and applying it to devices.
Before You Begin
- Make sure you have enabled EMM on your account as described here.
- Make sure that you have enrolled the devices using afw#mobilock as described here.
- MobiLock Pro Android client v3.6.0 has been updated on the device.
- Have a Google Plus/Gmail account that can be used for activation.
How It Works
- On Dashboard you can configure multiple Google Plus accounts that you want to use for FRP.
- Once FRP is activated, when a device is factory reset, then ONLY the accounts configured on Dashboard can be used to setup the device. User cannot enter any other account. They cannot also Skip the GMail setup after the device is Factory reset.
When does FRP Work?
Factory Reset Protection or FRP works when a EMM device is factory reset in the following two ways,
- When the device is factory reset using OEM specific hardware keys.
- When the device is factory reset from the Dashboard.
Setting up the Devices to Support FRP
- If you have previously setup your device using afw#mobilock, then push the latest update v3.6.0 from Dashboard and wait for the device to complete updating the MobiLock client.
- On a new device or a factory reset device, start setting up using afw#mobilock as described here. This will download the latest client.
Configuring & Activating FRP on the Dashboard
- Navigate to Device profile & policies > All configurations > Android Utilities > Factory Reset Protection
- Read the quick start guide and Click on CONFIGURE
- You will be shown a Dialog informing you that, At this point you will be redirected to Google Authentication page, where you would need a Google Plus/GMail account. Click OK.
- In the Google Authentication page, either Choose the account that you want to use for FRP activation OR login with a new account. Follow the on-screen instructions to complete login.
- Once the login is complete, you will be redirected to MobiLock Dashboard , displaying the account that was added with ACTIVATE FRP button on top.
- Click on ACTIVATE FRP. This will activate the FRP and will sync the email id’s that you have added till now with the devices.
- You can add more accounts if you want to protect the devices with more accounts. To do this click on ADD MORE GOOGLE+ ACCOUNT button.
Deactivating one Account from FRP
If you don't want to use a particular Google Account to be used for FRP, click on the Deactivate icon next to it and that account will be removed from FRP list on device.
Deactivating FRP from All Devices
To Deactivate FRP completely from all the devices, click on DEACTIVATE FRP button. All the devices which have internet and received the Push message will update the FRP list on device so that they can be factory reset and used normally.
What to do If you are not able to set up a device normally after a Factory reset?
- If you have Activated FRP, then you need to use one of the emails configured on Dashboard to start setting up the device.
- If you have changed the password of the Google account within the last 24 hours, then you need to wait for a day.
- If you have Deactivated FRP, and even then the device is not allowing to setup, then the device might not have received push. Please try with one of the email accounts configured on Dashboard.