Create a factory reset protection profile
- In the management console, on the menu bar, click Policies and profiles > Managed devices > Protection > Factory reset protection.
- Click .
- Type a name and description for the profile.
- In the Factory reset protection setting drop-down list, click one of the following:
  - Disable factory reset protection: If you disable factory reset protection, users are not prompted to enter a Google user ID after the device is reset to factory settings. This option is supported for Android Enterprise devices (Work and personal - full control and Work space only).
  - Enable and use previous Google account credentials when the device is reset to factory settings: This is the default option. If the user resets the device to factory settings using an untrusted method and a Google account existed on the device before it was reset, the account must be verified after the device is reset to factory settings. Note that if your organization uses a managed Google account structure, a Google account will not exist on the device and factory reset protection will not be available on the device. This option is supported for Android Enterprise devices (Work and personal - full control and Work space only).
  - Enable and specify Google account credentials when the device is reset to factory settings: Select this option to specify the Google account that must be used to log in to the device after an untrusted factory reset. If you select this option, the user's personal Google account credentials can't be used after a factory reset. This option is supported for Android Enterprise and Android Management devices (Work and personal - full control and Work space only). If you want to use a managed Google Play account, in the IT policy assigned to users, turn off the "Allow factory reset" option. This disables the factory reset option in the device settings and disables the deactivate button in the UEM Client. This ensures that users do not use the untrusted deactivation option in the UEM Client that triggers factory reset protection on the device.
- If you selected Enable and specify Google account credentials when the device is reset to factory settings, click and do one of the following to add Google accounts (you can add up to 20):
  - To use Google authentication, click Add using Google authentication and sign in to the Google account that you want to use to log in to devices that have been reset.
  - To specify accounts manually, click Manual. Specify the email address and Google ID. To obtain the Google ID, do the following in the Google developers People API site:
    - For the resourceName, type people/me.
    - For the personalFields, type metadata.
    - Click Execute.
    - On the Choose an account screen, select an account to use to set up the factory reset protection profile.
    - On the Google APIs Explorer wants to access your Google Account screen, click Allow.
    - On the People ID page, note the 21-digit user ID.
- If you selected Enable and specify Google account credentials when the device is reset to factory settings and your organization has a Google Workspace or Google Cloud domain, select Add a Google account created by BlackBerry UEM if you want to include the user's work Google account in the list of accounts that can unlock the device after a factory reset.
- Click Save.
- Assign the profile to users and groups.
- If necessary, rank the profile.
- When factory reset protection is triggered on the device, enterprise activation on BlackBerry UEM will not work. You must first clear factory reset protection using the Android out-of-box experience. See Clear factory reset protection from a device.
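
A mistyped Google ID in the manual step leaves a reset device with no account that can unlock it, so it is worth checking the values before entering them. The following is an added example, not BlackBerry or Google code: it pulls the ID out of the JSON that the People API request for people/me returns and checks a list of accounts against the limits stated above (up to 20 accounts, 21-digit ID). The function names are hypothetical, the sample response is constructed, and its field layout (`resourceName`, `metadata.sources`) is assumed from the public People API.

```python
import json
import re

MAX_ACCOUNTS = 20                 # "you can add up to 20" in the procedure above
ID_RE = re.compile(r"^\d{21}$")   # the 21-digit user ID noted in the last sub-step
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose sanity check only


def google_id_from_people_response(raw_json):
    """Return the account ID from a people/me response requested with metadata."""
    body = json.loads(raw_json)
    resource = body.get("resourceName", "")
    candidate = resource[len("people/"):] if resource.startswith("people/") else ""
    # The PROFILE source id should agree with the resourceName suffix.
    for source in body.get("metadata", {}).get("sources", []):
        if source.get("type") == "PROFILE":
            if candidate and source.get("id") != candidate:
                raise ValueError("resourceName and PROFILE source id disagree")
            candidate = source.get("id", "")
    if not ID_RE.match(candidate):
        raise ValueError("expected a 21-digit Google ID, got %r" % candidate)
    return candidate


def check_frp_accounts(accounts):
    """Validate (email, google_id) pairs; return a list of problems found."""
    problems = []
    if len(accounts) > MAX_ACCOUNTS:
        problems.append("more than %d accounts" % MAX_ACCOUNTS)
    seen = set()
    for email, gid in accounts:
        if not EMAIL_RE.match(email):
            problems.append("bad email: %s" % email)
        if not ID_RE.match(gid):
            problems.append("ID is not 21 digits: %s" % email)
        if gid in seen:
            problems.append("duplicate ID: %s" % email)
        seen.add(gid)
    return problems


# Constructed sample: the ID and etag are made-up values, not a real account.
SAMPLE_ID = "1" + "0" * 19 + "1"
SAMPLE = json.dumps({
    "resourceName": "people/" + SAMPLE_ID,
    "etag": "%EgMBLjc=",
    "metadata": {"sources": [{"type": "PROFILE", "id": SAMPLE_ID}]},
})

if __name__ == "__main__":
    gid = google_id_from_people_response(SAMPLE)
    print(gid, check_frp_accounts([("frp-unlock@example.com", gid)]))
```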