Android Factory Reset Protection (FRP) is a security feature that prevents the use of a device after an unauthorized reset to factory settings. After a wipe, you can take the device into use only with the accounts set on the personal profile of the device before the wipe.
While FRP means protection against the misuse of, for example, a stolen device, it can cause problems when organizations want to hand over a device to a new user. As a solution, administrators can predefine the Google accounts for taking a device into use after a reset. This article explains how you can configure the Google accounts for Factory Reset Protection in Miradore.
- A fully managed Android device (Device Owner).
- Miradore Android client version 2.8.8 or above.
- The paid plan of Miradore.
The Factory Reset Protection is disabled automatically on most devices if the user factory resets the device through its settings. Using configuration profiles in Miradore, you can prevent the factory reset for fully managed Android devices.
When you wipe a device remotely from Miradore, you can choose the fully managed Android device if the factory reset protection is disabled completely. Read more about wiping an Android device remotely.
How to configure Factory Reset Protection?
The FRP settings are part of the Android restrictions configuration profile in Miradore. In this configuration profile, you can specify the settings of Factory Reset Protection that will be enforced on the device. Go to Management > Configuration profiles to add a new configuration profile.
1. Choose Android as a platform and select Restrictions.
2. Go to Account management tab and define the Factory Reset Protection mode.
Options for the FRP mode:
- Not set leaves the FRP setting as it is on the device.
- Disabled disables Factory Reset Protection completely.
- Current accounts allow the accounts set currently on the personal profile of the device to be used after a wipe.
- Predefined accounts allow you to define a list of Google accounts with which a device can be taken into use after a wipe.
3. If you have chosen Predefined accounts as the FRP mode, add at least one Google account for taking the device into use after a wipe.
To ensure that the activation of a device works after a reset, check that all the account IDs you have entered are valid and correct. Otherwise, you might no longer be able to use the device after a wipe.
How to add the Google accounts?
Every Google account has a numeric ID that is needed when predefining accounts for FRP. To get the ID of a Google account, follow the instructions.
1. Sign in to the target Google account with a web browser. If you haven't logged in to any account, you'll need to do so later in the execution phase.
2. Open the link to the People API.
3. Type "me" to the resourceName field and click Execute. A popup opens for Google account selection.
- You might need to grant some access permissions to the Google API Explorer. The API Explorer needs to access the Google account to fetch the account ID.
4. When the execution is complete, you can see the account ID from the response.
Have feedback on this article? Please share it with us!
« Restrictions for Android on work profile and work managed devices
File management »