Best Practices to Prevent Issues with FRP


We have been using SOTI for a while now to manage Zebra devices running in kiosk mode.

We want to start using SOTI for company phones issued to employees. I decided to use the company-owned personal device enrollment to maintain control while allowing the users to use the device like a personal phone.

I was wondering what the best method is to prevent issues with factory reset protection if the employee is termed and leaves suddenly. If I use the recovery menu to factory reset when there is a PIN enabled, it prompts for the PIN or a Google account.

2 years ago
Android
ANSWERS
Raymond Chan Diamond Contributor
2 years ago

When deploying MobiControl profile policy with Enterprise FRP (eFRP) payload to your devices, you can use the SAME one or two controlled Google account(s) (i.e. with password managed by MDM administrators rather than by device end-users) for ALL devices of the company.

Factory reset protection (FRP) or eFRP can be SAFELY disabled if your Zebra devices using the Android-Enterprise device agent are configured to be provisioned via Zero-Touch Enrollment (ZTE) upon any device factory reset.

Solution
Robert
2 years ago

Hi,
You can use a Factory Reset Protection profile configuration to add a Google account that can unlock devices following a factory reset.
There is also an option to disable FRP, but I think it is a better option to create an account that can be used for it.

Rafael Schäfer
2 years ago

Just to add another option:

You can provide an authentication profile in which you enable the device to be wiped after the PIN has been entered wrong too often (4-16 times is the range). (This can be set for the device lock and/or the work profile only.)
This means: if you get the device back but locked, you could just enter the wrong PIN so often that a wipe occurs.

But this would include the personal profile/data as well, so be careful with that, as you don't want to bother the user.

But I personally prefer it the way Raymond said: using Zero-Touch registration.
The only bad thing about that is that the device can be wiped and "used" if it's operating (including enrollment time) in a restricted network with no access to Google services or entirely offline. But this mainly means that the device is somehow useless in that case.

MNMOD@SOTI
2 years ago

Hi Vingersoll,

Thank you for posting on SOTI Pulse!

I see that a couple of answers have been provided. Do any of these work for you? If yes, please feel free to mark the post that helped you resolve the issue as the Solution.

Kind regards,

Technical Support Specialist | SOTI | +1 905.624.9828 | SOTI.net | Discussion Forum | Log a Case Online | Facebook | LinkedIn | Twitter

MNMOD@SOTI
2 years ago

Hi Vingersoll,

I have marked the relevant post as solution. If this post did not assist you in resolving the issue and you have additional questions, please do not hesitate to reach out.
