The Android Factory Reset Protection Policy helps you protect company-owned devices in the event they are lost or stolen by preventing unauthorized users from performing a factory reset. You can also control who can unlock a device that has gone through an untrusted factory reset.
A factory reset removes all data from the device.
Prerequisites
- JumpCloud’s Android EMM has to be configured for your org. See Set up Android EMM.
- Your Android devices have to be enrolled in EMM. See Add and Manage Android Devices and Users: Enroll Your Personal Android Device.
- This policy works for fully managed and dedicated devices running Android 5.1 and later.
To create an Android Factory Reset Protection policy:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the Android tab.
- Select the Factory Reset Protection policy from the list, then click configure.
- (Optional) On the New Policy panel, enter a new name for the policy, or keep the default. Policy names must be unique.
- For Policy Notes, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, complete these fields:
- Select Disable Factory Reset to prevent factory resetting fully managed and dedicated devices from the device settings.
- Under Factory Reset Protection, determine if verification is required to unlock a device after it has gone through an untrusted factory reset.
- Select Require Verification to require users to perform account verification via a new Google Admin account.
- Select Disable Verification to skip Google account verification and not provide factory reset protection.
- If Require Verification is selected in the previous step, click Add Email under Google Account Email to enter the Google email addresses of IT admins. If the device is factory reset, the admins specified here will be required log in with their Google account to unlock the device.
If you don’t provide at least one email address in the Google Account Email field, the device will not be protected against a factory reset.
- (Optional) Select the Device Groups tab. Select one or more device groups where you will apply this policy. For device groups with multiple OS device types, the policy is applied only to the supported devices.
- (Optional) Select the Devices tab. Select one or more devices where you will apply this policy.
For this policy to take effect, you must specify a device or a device group in Step 9 or Step 10.
- Click save.