Managing factory reset protection for 

Android Enterprise

 devices

You can use the factory reset protection profile to control the factory reset protection feature for your organization’s 

Android Enterprise

 devices that have been activated using the 

Work space only

 and 

Work and personal - full control

 activation types.

Factory reset protection requires an 

Android

 device user to enter their 

Google

 account credentials to unlock a device that has been reset to factory settings. It is enabled by default when a user adds a 

Google

 account to the device. This profile allows you to disable factory reset protection or specify a user account that can be used to unlock a device after it has been reset to factory settings.

This profile provides three options:

You can disable factory reset protection. If you disable factory reset protection, anyone can reset a lost or stolen device to factory settings and begin using the device. This option is useful if a known user has forgotten their 
Google
 account credentials or if you need to reset a device owned by your organization that has been returned to you.
Users can use 
Google
 account credentials that are already associated with the device after a factory reset. This is the default behavior. If a device is reset to factory settings, the user must log into the device using  
Google
 account credentials that are already on the device. This prevents someone with a lost or stolen device from resetting and using it themselves.
You can specify 
Google
 account credentials that a user can use to log into the device after it has been reset to factory settings.This option allows your organization to control who can log into a device after it is reset to factory settings. 
BlackBerry
 recommends that you only use this option if you fully understand the device user experience.