Get the PDF

Create a factory reset protection profile

In the management console, on the menu bar, click

Policies and profiles > Managed devices > Protection > Factory reset protection

Click

Type a name and description for the profile.

In the

Factory reset protection setting

drop-down list, click one of the following:

Disable factory reset protection

: If you disable factory reset protection, users are not prompted to enter a

Google

user ID after the device is reset to factory settings. This option is supported for

Android Enterprise

devices (

Work and personal - full control

and

Work space only

Enable and use previous Google account credentials when the device is reset to factory settings

: This is the default option. If the user resets the device to factory settings using an untrusted method and a

Google

account existed on the device before it was reset, the account must be verified after the device is reset to factory settings. Note that if your organization uses a managed

Google

account structure, a

Google

account will not exist on the device and factory reset protection will not be available on the device. This option is supported for

Android Enterprise

devices (

Work and personal - full control

and

Work space only

Enable and specify Google account credentials when the device is reset to factory settings

: Select this option to specify the

Google

account that must be used to log in to the device after an untrusted factory reset. If you select this option, the user's personal

Google

account credentials can't be used after a factory reset. This option is supported for

Android Enterprise

and

Android Management

devices (

Work and personal - full control

and

Work space only

If you want to use a managed

Google Play

account, in the IT policy assigned to users, turn off the "Allow factory reset" option. This disables the factory reset option in the device settings and disables the deactivate button in the

UEM Client

. This ensures that users do not use the untrusted deactivation option in the

UEM Client

that triggers factory reset protection on the device.

If you selected

Enable and specify Google account credentials when the device is reset to factory settings

, click

and do one of the following to add

Google

accounts (you can add up to 20):

To use

Google

authentication, click

Add using Google authentication

and sign in to the

Google

account that you want to use to log in to devices that have been reset.

To specify accounts manually, click

Manual

. Specify the email address and

Google

ID. To obtain the

Google

ID, do the following in the

Google

developers People API site:

For the

resourceName

, type people/me.

For the

personalFields

, type metadata.

Click

Execute

On the

Choose an account

screen, select an account to use to set up the factory reset protection profile.

On the

Google APIs Explorer wants to access your Google Account

screen, click

Allow

On the

People ID

page, note the 21-digit user ID.

If you selected

Enable and specify Google account credentials when the device is reset to factory settings

and your organization has a

Google Workspace

Google Cloud

domain, select

Add a Google account created by BlackBerry UEM

if you want to include the user's work

Google

account in the list of accounts that can unlock the device after a factory reset.

Click

Save

Assign the profile to users and groups.

If necessary, rank the profile.

When factory reset protection is triggered on the device, enterprise activation on

BlackBerry UEM

will not work. You must first clear factory reset protection using the

Android

out-of-box experience. See Clear factory reset protection from a device.

Section:

Managing factory reset protection for Android Enterprise and Android Management devices