- 16 Aug 2024
- 3 Minutes to read
- Print
- PDF
Factory Reset Protection
- Updated on 16 Aug 2024
- 3 Minutes to read
- Print
- PDF
When a device is set up using the EMM method, it does provide extra security in the sense that users cannot uninstall the Scalefusion app, but it leaves one gap that users can still Factory reset the device using OEM-specific hardware key combinations.
Factory Reset Protection (FRP) for EMM devices enables an organization to prevent the misuse of devices against unauthorized Factory resets on the devices. So that even if the user factory resets a device, they would still need a pre-authorized set of GMail accounts to complete the setup on the device after factory reset.
This tutorial guides you through the process of setting up Factory Reset Protection (FRP) on your Dashboard and applying it to devices.
Before You Begin
- Make sure you have completed Android Enterprise set up on your account as described here.
- Make sure that you have enrolled the devices using afw#mobilock or Six (6) times tap method.
- The latest Scalefusion Android client has been updated on the device.
- Have a Google Plus/Gmail account that can be used for activation.
How It Works
In brief,
- On Dashboard, you can configure multiple Google Plus accounts that you want to use for FRP.
- Once FRP is activated, when a device is factory reset, ONLY the accounts configured on the Dashboard can be used to set up the device. The user cannot enter any other account. They cannot also Skip the GMail setup after the device is Factory reset.
When does FRP Work?
Factory Reset Protection or FRP works when an EMM device is factory reset in the following two ways,
- When the device is factory reset using OEM-specific hardware keys.
- When the device is factory reset from the Dashboard.
Setting up the Devices to Support FRP
- If you have previously set up your device using afw#mobilock, then push the latest Scalefusion version from Dashboard and wait for the device to complete updating the Sclaefusion client.
- On a new device or a factory reset device, start setting up using afw#mobilock as described here. This will download the latest client.
Configuring and activating FRP on the Dashboard
- Navigate to Device Profile & policies > All configurations > Android Utilities > Factory Reset Protection
- Read the quick start guide and Click on CONFIGURE
- You will be shown a Dialog informing you that, At this point, you will be redirected to the Google Authentication page, where you would need a Google Plus/Gmail account. Click OK.
- On the Google Authentication page, either Choose the account that you want to use for FRP activation OR login with a new account. Follow the on-screen instructions to complete the login.
- Once the login is complete, you will be redirected to the Scalefusion Dashboard, displaying the account that was added with the ACTIVATE FRP button on top.
- Click on ACTIVATE FRP. This will activate the FRP and will sync the email IDs that you have added till now with the devices.
- You can add more accounts if you want to protect the devices with more accounts. To do this, click on the ADD MORE GOOGLE+ ACCOUNT button.
Deactivating one Account from FRP
If you don't want to use a particular Google Account to be used for FRP, click on the Deactivate icon next to it, and that account will be removed from the FRP list on the device.
Deactivating FRP from All Devices
To Deactivate FRP completely from all the devices, click on the DEACTIVATE FRP button. All the devices that have internet and received the Push message will update the FRP list on the device so that they can be factory reset and used normally.
What to do If you are not able to set up a device normally after a Factory reset?
- If you have Activated FRP, then you need to use one of the emails configured on the Dashboard to start setting up the device.
- If you have changed the password of the Google account within the last 24 hours, then you need to wait for a day.
- If you have Deactivated FRP, and even then, the device is not allowing to set up, then the device might not have received push. Please try with one of the email accounts configured on Dashboard.