Unable to very Google account after reset due to Android for Work registration

AndrewFinlay
Level 1.5: Cupcake

‎08-30-2023 08:00 AM

1. Device initially set up using afw#setup to register on Intune without Google account

2. Device secured with passcode and given to user

3. User has left, without wiping the device and passcode unknown

4. Wiped the device via recovery mode

5. Setting device up again for new user, now being asked to Very your account

 

We do not know the @android-for-work.gserviceaccount.com account so we cannot get back into the device, essentially bricking it. How do we go about verifying the account?

1 REPLY 1

jasonbayton
Level 4.0: Ice Cream Sandwich

‎08-30-2023 08:13 AM

Those accounts don't have a password you'd be able to input even if you did know it. 

 

Do you permit adding accounts via policy? If so is it possible instead the user has added their own Google account and this is what FRP is locked against? Assuming maybe, you could make contact with the user to assist in the unlock provided the departure is amicable.

 

If not you're going to have to reach out to the OEM for service to have the FRP bit wiped, or if you use Samsung, KME can disable it too. There are means of doing this yourself with Samsung (ODIN) or MTK-powered (flashtools) devices, but that's unofficial.

 

Consider in future - 

  • Wiping from intune rather than hard reset
  • Leveraging the FRP emails option in-policy to whitelist a particular Google account should wiping from intune not be possible. It's not a great API all things considered, but it'll work in a pinch.
0 Kudos