A security feature called Android Factory Reset Protection (FRP) stops a device from being used after an unauthorized factory reset. You can only use the device after a clean with the accounts previously configured on the personal profile of the device.
A security feature called Factory Reset Protection (FRP) makes sure that if your phone is lost or stolen, it cannot be quickly reset by someone else. FRP has been a part of stock Android since Android Lollipop, which is automatically activated after you have added a Google account to Android. This is important since it makes a stolen phone more challenging, deterring someone from stealing a corporate device. The screen will show the message of signing in with the previous account synced on this mobile, making the phone useless.
When you perform a Factory Data Reset, all settings are returned to the factory default settings. All data is erased, including files and downloaded apps.
If it's a personal Android phone, then can erasing it or doing a factory reset is a relatively simple task. You need to go to settings and initiate a full factory reset. On the other hand, for a corporate device, the option to allow/block a user to do a factory reset is controlled through MDM restrictions. However, a hard reset can still be performed if you have not configured FRP, and this is a risk of losing your corporate data and device.
If you have a Google account set up on the device, resetting it will require you to log in with your username and password. If you have multiple Google accounts set up on the device, you can log in with any of them. If an unauthorized person tries to reset the device by another method, the device would still require log-in in using the Google username and password. This means that if your device is lost or stolen, another person cannot reset it and use it.
There are various ways to bypass security measures to use a phone, but these methods are usually patched quickly. To legitimately use the phone, you will need to know the login information for the last account.
Using Microsoft Intune, you can easily configure FRP in a few clicks. Steps as below:
admin1@gmail.com;admin2@gmail.com
. These emails only apply when a non-user factory reset is run, such as running a factory reset using the recovery menu.
Google Account ID refers to the 21-digit ID of your Google Account and if you are using Intune as MDM solution then you do not need th ID. However for other MDM solution, to enforce FRP you will need the Google account ID. To find your Google Account ID, head over to Google Developer page by following this link.
The 21-digit ID corresponding to id under application/json is your Google Account ID.
Factory Reset Protection won’t work if the device wipe is authorized (for example,if you perform a device wipe from Settings > Factory data reset). In such cases you may be able to skip Google Account verification during the set-up process.
This behavior is expected. When you do a factory reset on the device through the Settings menu or you wipe the device from Intune in the Microsoft Endpoint Manager admin center, all your data is removed. This includes the Factory Reset Protection (FRP) data.
The only way to do a factory reset on the device without losing the FRP data is through Recovery Mode. It is recommended that you set the Factory reset value to Block to prevent users from using the factory reset option in the device settings.
Then, use one of the following methods when you reset the device to the factory settings:
If you are using Samsung Knox devices and you are in a situation where you are unable to sign-in with the FRP Google account, then you can use the below steps to recover such locked devices:
KME can only be used for Google FRP removal on devices utilizing Knox version 2.7.1 or above.
Ensure the device is assigned a KME profile with the following options properly set:
Disabling FRP is easy. Most phones will do it automatically when you reset the data through the phone's settings. If your phone is a corporate phone with an additional layer of security then you'll need to disable that manually first!
If you try to reset a phone through the bootloader, FRP will kick in too, and it can't be set back up without the previous account's password.
Factory Reset Protection (FRP) is an essential security method designed to ensure that someone can't just wipe and factory reset your corporate devices if they are lost or stolen. As such, which ever MDM solution you are using, you should always enforce this setting.