Auto factory-reset AMAPI issue

Auto hard reset normally only occurs if devices are enrolled without using Zero-Touch after 2 hours but as you describe it, it happens at your end to already and long time enrolled devices?

We have validated our policies and other given factors also the devices which are in fully compliance are getting hard reset. We can see in GCP console in Android Management API device.delete command is getting call'd in bulk below is the screenshot for reference

But not able to figure out from where and why delete method got triggered

We removed and commented out "device.delete" method from the plugin's code. Despite removing the method, mass hard resets continue to occur.

But disabling the associated service account stops these reset requests. Re-enabling the service account results in the resumption of the "delete" API executions.

Now not sure how to get out of this. Just curious to know do DPC android app has a control to execute device.delete command. And who else other us can execute device.delete command with our service account.

Below are the few this which i'm suspecting.
1. zero touch
2. DPC Google Mobile App

Zero-Touch will only execute factory reset devices when not enrolled using Zero-Touch during enrollment but devices have an assigned configuration in the Zero-Touch-Portal (ZTP). This happens as soon as a device get'S a internet connection and receives that information. Then you have up to 2 hours before a wipe is forced.

I can't say anything to the Google DPC app, as i never used it yet.

If you enroll devices inta an MDM, every user with access to the MDM and relevant permissions in it can send a wipe to (a) device(s).

JilaniShaikh