Enterprise Factory Reset Protection(EFRP)
Factory Reset Prevention (FRP) is enabled by default on devices running Android 5.0 and above. While this helps prevent device theft and improves data security, it causes problems in organizations that provide corporate-owned Android devices to their employees.
When an employee leaves the organization, the IT admin must re-provision the device to hand it over to another employee. Without the device passcode, the admin will have to hard reset the device to erase the data and settings. This will enable FRP and he will have to authenticate with the previous user's Google account to activate the device. Without the Google account, the device cannot be used again. To prevent such situations, with Android 6.0, Enterprise Factory Reset Protection (EFRP) was introduced.
With EFRP, the admin can select a Google account that can be used to activate the devices. This account can be associated with devices by creating profiles in Mobile Device Manager Plus. After configuring EFRP, the user can still choose to provision the devices with personal Google accounts, but when hard reset, the devices can be activated only using the Google account selected by the admin. This ensures the devices are always managed by MDM. This policy is applicable for devices running 6.0 or later versions, provisioned as Device Owner.
In legacy devices, this policy is applicable only when the device is hard reset. This policy is not applicable when device is reset through Settings app. EFRP policy is not applicable for devices which do not support Google Play services.
We have made your job simpler!
Learn how to setup Android Enterprise Factory Reset Protection (EFRP) with MDM, in about 3 minutes through this demo video.
Steps to obtain the Account ID
Every Google account is associated with an account ID. This account ID is authenticated when the account details are entered into the devices. The admin needs to enter both the Google account and ID into Mobile Device Manager Plus. Follow the steps given below to obtain the Google ID associated with any account.
- Go to this link and enter "me" under userID and click on Execute.
- Provide your Google account, if prompted. It is to be noted that this is the account which will be used in case of FRP-locked devices. The 21-digit number present against id is your account ID, which is to be used in MDM.
Policy Description
FEATURE | DESCRIPTION | SUPPORTED ON | ||
---|---|---|---|---|
LEGACY | PROFILE OWNER | DEVICE OWNER | ||
E-mail address | Specify your Google e-mail address, whose credentials will be used to login in case of FRP | |||
Account ID | Specify the account ID generated previously as explained here |
You can add multiple Google accounts to the same EFRP policy, in case there are multiple admins or devices are spread across multiple locations, with each having their own IT admin.