Skip to content

Configure Android Factory Reset Protection

Restriction

These instructions only apply to Android Enterprise fully managed devices.

Factory Reset Protection (FRP) is an Android security feature that ensures a device can only be reset to its factory settings when the Google account credentials are known.

You can configure Google accounts to unlock any Android Enterprise fully managed device that was reset with FRP turned on.

  1. Create one or more Google accounts you want to use for FRP, or use existing accounts.

    Warning

    Make sure you share the account credentials with your organization. These are required to unlock a device that was reset to its factory settings with FRP turned on.

  2. Get the internal Google IDs of your accounts.

    1. Go to https://accounts.google.com/Login
    2. Sign in with the Google account you want to use for FRP. If you’re already signed in with a different account, sign out first.
    3. Go to https://developers.google.com/people/api/rest/v1/people/get
    4. In the Try this API section, enter people/me in the resourceName field and names in the personFields field.
    5. Select Execute.

      This calls the Google API.

      In the response, the internal Google ID is the 21-digit number in a line like the following:

      "resourceName": "people/123456789012345678901"

  3. Sign in to Sophos Mobile Admin.

  4. On the menu sidebar, under SETTINGS, select Setup > Google setup and then the Android Enterprise tab.
  5. Under Factory Reset Protection, select Use FRP.
  6. In Google+ IDs, enter the internal Google IDs of the accounts you want to use for FRP.

    Warning

    If the internal Google IDs you enter in Sophos Mobile Admin are invalid, or if you forget the credentials of the Google accounts, devices become unusable when you reset them to their factory settings with FRP turned on.

  7. Select Save.

FRP is turned on for all your Android Enterprise fully managed devices. This happens the next time a device synchronizes with the Sophos Mobile server.