FRP (Factory Reset Protection) might be all well and good, but when you have a device where a user has left in anger and their Google account is long gone, trying to recover that device to be reused is seemingly impossible.
Then you get a Samsung device where it has NO custom stock ROM but you get the following when trying to enroll:
"The security policy prevents the creation of a work profile because a custom OS has been installed on this device."
So Meraki support checked the logs of the device and thought they might be able to see the issue. They think some files missing from the OS are causing it, but weren't sure. They said to try factory resetting, which will go back to an old ROM (it doesn't), and that also hasn't helped.
Their next option was to download a stock ROM to the Samsung tablet so it should now be back to stock and no longer flagged as custom.
Nope, that doesn't work either, as the only option to get a stock ROM is to back up a known good tablet using TWRP. But the act of putting TWRP onto the tablet causes the ODIN Mode to flag it now as a custom ROM. Then Meraki won't allow you to create a work profile anymore, because of the CUSTOM ROM!!!!
So we have success in getting it back to Samsung Official ROM. It states in Odin Mode it is Samsung Official ROM. Yet, Meraki still WON'T allow it to enroll because it thinks it has a custom ROM on it. It NEVER did and still doesn't!
So Meraki itself is essentially saying the tablet is a brick, as it can't be used with Meraki anymore, so it can't be used as a corporate device anymore!
Are there no options to tell Meraki "Yes, you might think it's a custom ROM, it's not, but just enroll it anyway! We understand the risks"? But nope, I can't find said option.
Another engineer here pointed out the policies area of the Meraki dashboard, and I've discovered that in there DEVICE IS NOT COMPROMISED was ticked. I've unticked it, 99% sure this is what is causing the enroll issue, but how long before the device will see it? It states 1-2 mins, but it's been 10 mins now. I rebooted the tablet and it's still saying the same, suggesting this policy still isn't seeing the change.