GMenzies
Level 2.0: Eclair
2 years ago
Solved

Factory Reset Protection and Captive Portals

A bit of background on this: we're currently moving to use COPE Enrolment for all of our devices after using BYOD Enrolment for devices purchased by our org.

Utilising BYOD, we had issues with users signing into their Gmail accounts and leaving the business, and we were locked out of the device by Factory Reset Protection (we've used Knox Mobile Enrolment to solve this). This all made sense as it was a BYOD device, and for consumers etc. it makes a lot of sense.

The problem we've encountered is that, even with COPE-enrolled devices, if a user doesn't remove their Gmail account from the personal profile before resetting the device, then when the device is used again you're unable to use a Captive Portal network for setup again and this error message is received - "Unable to sign in to Wi-Fi AP. An unauthorised factory reset has been performed on this device. the sign-in screen cannot be accessed."

Even after enrolling the device using a WPA2/3 network, signing in with the Google account in question, manually removing it and then resetting the device, we still have this issue. It's as if the FRP flag gets set and isn't being removed for some reason.

It seems odd that any network, and even cellular, allows you to continue but a captive portal connection doesn't.

Has anyone else encountered this issue?

Thanks.

  • jeremy
    Level 3.0: Honeycomb
    2 years ago

    Have you considered using a combination of Zero Touch + disabling factory reset on these devices?

    Zero Touch will force enrolment into your EMM, and disabling factory reset will only let the user reset using the device recovery mode.

    It should be easier than having to manage FRP.

    • GMenzies
      Level 2.0: Eclair
      2 years ago

      Hi Jeremy,

      We're utilising Knox Mobile Enrolment today as we have Samsung devices. To clarify also, our EMM is Intune. We wouldn't disable factory reset, as we need a method for users to reset devices on their own if required. I also thought Device recovery mode doesn't let you bypass FRP?

      Also, would we not have the same issue with Zero Touch? This issue happens before we even have a network connection.

      Thanks for your help.

      • jeremy
        Level 3.0: Honeycomb
        2 years ago

        Zero Touch will prevent device use if the device is not enrolled with an EMM.

        For example, if you set up your device offline, as soon as the device connects to the internet, it will force the user to wipe the device and start again.

        Regarding Device recovery mode and FRP, it won't let you bypass FRP, you're correct.

  • jeremy
    Level 3.0: Honeycomb
    2 years ago

    You should probably escalate through Intune & KME; that will be the proper channel to get support with your issue and escalate through Samsung, Intune and Google.

  • Subrataonly
    Level 1.5: Cupcake
    2 years ago

    Can't make calls 

  • Lennith
    Level 1.5: Cupcake
    2 years ago

    This is an invasion of privacy!

  • Gwapoako18
    Level 1.5: Cupcake
    11 months ago

    How do I solve this problem? My other Samsung has the same problem. How do I remove this, and how do I sign in on my device?