Android Factory Reset Protection

Note This section applies to devices enrolled with Sophos Mobile in Android enterprise device owner mode.

Android devices include the Factory Reset Protection (FRP) security feature. When a Google account is set up on a device, the account credentials are required to unlock the device after it was reset to its factory settings.

Devices enrolled with Sophos Mobile in Android enterprise device owner mode are not secured by FRP by default because there is no Google account set up on the device. To use FRP for these devices, configure one or more Google accounts to be assigned to all of your devices. When a device is reset with FRP turned on, it can only be unlocked by one of these accounts. See Configure Android Factory Reset Protection.

When you have configured FRP, devices are protected as follows:

  • Local reset: When the device is reset in the Settings app or by using the device hardware buttons, FRP is turned on by default. To change this behavior for individual devices, use the Set Factory Reset Protection device action. See Turn Android Factory Reset Protection on or off.

  • Remote reset: When the device is reset remotely in Sophos Mobile Admin, FRP is turned off by default. To perform a remote reset with FRP turned on, select Turn on Factory Reset Protection in the wipe confirmation dialog. See Wipe device.