cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki, custom rom and work profile

Highlighted
Getting noticed

Meraki, custom rom and work profile

Getting more and more annoyed as the days go by.

 

FRP (Factory Reset Protection) might be all well and good but when you have a device where a user had left in anger, their Google account is long gone, trying to recover that device to be reused is seemingly impossible.

 

Then you get a Samsung device where it has NO custom stock ROM but get the following when trying to enroll.

 

"The security policy prevents the creation of a work profile because a custom OS has been installed on this device."

 

So Meraki support checked the logs of the device and thought they might be able to see the issue. They think some files missing from the OS is causing it, but weren't sure. They said try factory resetting which will go back to an old ROM (it doesn't) and that also hasn't helped.

 

Their next option was to download a stock ROM to the Samsung tablet so it should now be back to stock and no longer flagged as custom.

 

Nope, that doesn't work either as the only option to get a stock ROM is to backup a known good tablet using TWRP. But the act of putting TWRP onto the tablet causes the ODIN Mode to flag it now as a custom ROM. Then Meraki won't allow you to create a work profile anymore, because of the CUSTOM ROM!!!!

 

):o(

3 REPLIES 3
Getting noticed

Re: Meraki, custom rom and work profile

So we have success it getting it back to Samsung Official ROM. It states in Odin Mode it is Samsung Official ROM. Yet, Meraki still WON'T allow it to enroll because it thinks it has a custom ROM on it. It NEVER did and still doesn't!

 

):o(

 

So Meraki itself is essentially saying the tablet is a brick as can't be used with Meraki anymore so can't be used as a corporate device anymore!


Are there no options to tell Meraki "Yes, you might think it's a custom ROM, it's not, but just enroll it anyway! We understand the risks" but nope, I can't find said option.

Getting noticed

Re: Meraki, custom rom and work profile

Other engineer here pointed out the policies area of Meraki dashboard and I've discovered in there DEVICE IS NOT COMPROMISED was ticked. I've unticked it, 99% sure this is what is causing the enroll issue, but how long before the device will see it? It states 1-2 mins but it's been 10 mins now, rebooted the tablet and it's still saying the same suggesting this policy still isn't seeing the change.

Meraki Employee

Re: Meraki, custom rom and work profile

Hey @stevenwhiting ... did it eventually update it's configuration status (such that you could get passed the 'compromised' state)? 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels