Create a factory reset protection profile Skip Navigation

Create a factory reset protection profile

  1. In the management console, on the menu bar, click
    Policies and profiles > Managed devices > Protection > Factory reset protection
    .
  2. Click The Add icon.
  3. Type a name and description for the profile.
  4. In the
    Factory reset protection setting
    drop-down list, click one of the following:
    • Disable factory reset protection
      : If you disable factory reset protection, users are not prompted to enter a
      Google
      user ID after the device is reset to factory settings. This option is supported for
      Android Enterprise
      devices (
      Work and personal - full control
      and
      Work space only
      ).
    • Enable and use previous Google account credentials when the device is reset to factory settings
      : This is the default option. If the user resets the device to factory settings using an untrusted method and a
      Google
      account existed on the device before it was reset, the account must be verified after the device is reset to factory settings. Note that if your organization uses a managed
      Google
      account structure, a
      Google
      account will not exist on the device and factory reset protection will not be available on the device. This option is supported for
      Android Enterprise
      devices (
      Work and personal - full control
      and
      Work space only
      ).
    • Enable and specify Google account credentials when the device is reset to factory settings
      : Select this option to specify the
      Google
      account that must be used to log in to the device after an untrusted factory reset. If you select this option, the user's personal
      Google
      account credentials can't be used after a factory reset. This option is supported for
      Android Enterprise
      and
      Android Management
      devices (
      Work and personal - full control
      and
      Work space only
      ).
      If you want to use a managed
      Google Play
      account, in the IT policy assigned to users, turn off the "Allow factory reset" option. This disables the factory reset option in the device settings and disables the deactivate button in the
      UEM Client
      . This ensures that users do not use the untrusted deactivation option in the
      UEM Client
      that triggers factory reset protection on the device.
  5. If you selected
    Enable and specify Google account credentials when the device is reset to factory settings
    , click The Add icon and do one of the following to add
    Google
    accounts (you can add up to 20):
    • To use
      Google
      authentication, click
      Add using Google authentication
      and sign in to the
      Google
      account that you want to use to log in to devices that have been reset.
    • To specify accounts manually, click
      Manual
      . Specify the email address and
      Google
      ID. To obtain the
      Google
      ID, do the following in the
      Google
      developers People API site:
      1. For the
        resourceName
        , type people/me.
      2. For the
        personalFields
        , type metadata.
      3. Click
        Execute
        .
      4. On the
        Choose an account
        screen, select an account to use to set up the factory reset protection profile.
      5. On the
        Google APIs Explorer wants to access your Google Account
        screen, click
        Allow
        .
      6. On the
        People ID
        page, note the 21-digit user ID.
  6. If you selected
    Enable and specify Google account credentials when the device is reset to factory settings
    and your organization has a
    Google Workspace
    or
    Google Cloud
    domain, select
    Add a Google account created by BlackBerry UEM
    if you want to include the user's work
    Google
    account in the list of accounts that can unlock the device after a factory reset.
  7. Click
    Save
    .
  • Assign the profile to users and groups.
  • If necessary, rank the profile.
  • When factory reset protection is triggered on the device, enterprise activation on
    BlackBerry UEM
    will not work. You must first clear factory reset protection using the
    Android
    out-of-box experience. See Clear factory reset protection from a device.