Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enabling AFW's factory reset protection

DamonBCSA
Comes here often
‎May 13 2020 10:05 PM
‎May 13 2020 10:05 PM

Enabling AFW's factory reset protection

Hey there, I'm relatively new to the Meraki MDM, having previously used Airwatch and MobileIron, so I'm not totally new to the world of MDM.

 

Our current policies and settings are fine and prevent anyone resetting the device once Meraki is installed an enabled via the settings menu. However I've recently discovered that even though we are registering the devices in Device Owner mode and the AFW account is enabled, that if a phone is reset via hard reset using the Android Recovery option, that you can then just register the phone again as anyone.  

 

After some trawling through these forums I've found out that Meraki have disabled Factory Reset Protection for AFW by default sometime in 2018 as per this posting https://community.meraki.com/t5/Endpoint-Management-Systems/Disable-factory-reset-protection/m-p/111...

 

My question is how can I either setup AFW's factory reset protection to default on, or at the very least, re-enable it so if a device is stolen/lost (or in our case some mischievous clients) and they do a reset that the device can't be setup again and/or they need to contact our IT department to reconfigure the phone so we can get it back in the MDM.

 

cheers

 

 

Labels:
0 Kudos
Subscribe
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 14 2020 1:39 AM
‎May 14 2020 1:39 AM

For "vanilla" Android I don't believe there is any way to prevent the full device reset.  I've never been able to do it.  I have used that specific feature when a phone has been accidentally bricked by locking it down too much and then cutting off its access to the Internet to get new policies.

 

I believe you can do this on Samsung phones using the Samsung Knox feature.  Never tried it.

0 Kudos
Subscribe
In response to PhilipDAth
DamonBCSA
Comes here often
‎May 14 2020 3:48 PM
‎May 14 2020 3:48 PM

Hey PhillipDAth, thanks for the reply, I didn't mean I want to lock the phone down to stop accessing the boot loader menu options. i'm talking about the factory reset protection ie. when you go to register the device and put your email address in, it verifies your account against what was registered as the owner account on the phone before it was reset. ie. at the point where we put in afw#meraki

From the link I provided, it looks like Meraki has disabled this option at the backend by default, which is good for those people who no longer have access to the email account that was used to register the device, but it's bad if the device is lost/stolen and you want to stop someone using the phone again. I never had to look for this option in either Airwatch or Mobileiron to see if it could be activated/deactivated from the MDM side as it was just always on by default, which Meraki apparently changed from On by default to Off by default back in 2018 according to my link in the original post.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.