Enabling enterprises to use mobile devices multiple times even with Factory Reset Protection (FRP)
Factory Reset
The Factory Reset option allows removing the complete settings configured on a smartphone. In case a device is stolen, the device is factory reset to remove all previous data and original device owner’s identity including email address and mobile number. This results in a clean device that can be used by anyone.
Factory Reset Protection
Factory Reset Protection (FRP) prevents to use the device if it is factory reset by unauthorized user. During the device setup (after factory reset) it requires the login credentials such as email address and passwords that were configured on the device. This means that if your device is lost or stolen, no one else will be able to reset or use it.
Moreover, if enterprise-managed devices are allotted to the employees for business usage, the devices are configured with email addresses of the employees. If the FRP has been enabled on the devices, it will prevent misuse of the device after factory reset.
How to Setup/Enable Factory Reset Protection
In an organization, devices are allotted to different users based on requirement. For example, when an employee leaves the organization, the device is handed over to another employee for which the factory resetting would be required.
To setup/enable Factory Reset Protection (FRP), ensure the following requirements before you allot a device to an employee.
- Make sure you are using the devices that are Android 6.0 or later.
- The devices must be ADO-enabled.
- You must associate your corporate email account with the Google user ID and assign that policy to the devices. Hence, you need to
- Make sure that thus created policy is applied to the devices and the policy works fine.
How to Generate Google user ID
To generate a Google user ID, follow these steps.
- Navigate to People:get.
- In the Try this API window, configure the following settings.
Setting | Description |
---|---|
resourceName | Enter people/me |
personFields | Enter metadata,emailAddresses (May leave this field empty) |
requestMask.includefield | Leave this field empty. |
Credentials | Enable the following options. · Google OAuth 2.0 · API Key |
- Click Execute.
-
Sign in with your Google account when prompted.
- Make sure you use a corporate email address as a master account before you handover the device to the employee.
- This email account will be used to unlock a device on which FRP is enabled.
-
Select Allow to grant the required permissions.
A 21-digit ID is generated in the application/json tab in the id field.
- Go to the Seqrite mSuite console, associate the Google user ID with the corporate email account, and then apply the policy to the devices.
Associate Google user ID with Corporate Email Account
To associate the Google user ID with the corporate email account in Seqrite mSuite, follow these steps.
- Log in to Seqrite mSuite.
- Navigate to Profiles > Polices.
- Select Add Policy > Add.
- Write a policy name and a description. Click Next.
- On the Edit Policies tab, scroll down until you find the Factory Reset Protection option.
- Enable the Factory Reset Protection option.
- Enter the corporate email address and Google user ID.
-
Click Save.
You can apply this policy to a group. The policy will be applied to all the devices in that group.