Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 7 subscribers
  • Views 3374 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable Factory Reset while Encrypted

Brian Lupfer

Is there a way to recover or reset devices that have the Factory Reset option disabled, while at the same time being Encrypted with a Secure Startup PIN?  This is a hypothetical case that I am trying to work around to prevent Endusers from Factory Resting devices while keeping the device(s) encrypted, and to address devices being locked out with a forgotten PIN.  

For reference in this case, the devices are consumer grade and do not have the Enterprise management. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Please suggest which Sophos Mobile control product you are using - Sophos Mobile Control On-prem or Sophos Central Mobile?

    If the Factory reset option is correctly set up and disabled for users through Sophos MDM software, users should not be able to reset the device.

  • 0 in reply to Jasmin

    Hi Jasmin, 

     

    We are managing many devices using the Sophos Mobile Device manager housed on-prem.  What I am trying to accomplish is a broad solution to ensure device security. 

     

    Disabling Factory Reset only addresses part of the problem. The issue that comes with that is if a user changes the PIN/Password and I need to reload the device. If factory reset is disabled, the device is Encrypted, and the user forgets their PIN, is there a way to factory reset the device as an admin? 

  • 0 in reply to Brian Lupfer

    Hi  

    It is possible to reset the device remotely in Sophos Mobile Admin, FRP is turned off by default if you have Android Enterprise. I have checked this internally, as you are not using Android Enterprise, you can go ahead and wipe the device remotely as per this article. Please let us know if you have any further concerns. 

  • 0 in reply to Shweta

    Hi Shweta, 

     

    To confirm, is the Wipe command supposed to work if the device is at the screen "Your tablet is encrypted for security. To start up your device, enter your PIN."?  From my testing it does not, is there a setting that I need to configure to facilitate that? 

     

    To clarify about the issue I'm looking to solve is:

     

    • In the scenario, where a device returns to me and I do not know the PIN.
    • Factory reset is disabled so I cannot reset it from the Android Recovery screen. 
    • Looking for a solution to reset a device given the above Criteria. 
  • 0 in reply to Brian Lupfer

    Hi  

    Could you please suggest what is the Operating system of the tablets which you are using and how you have encrypted them?

    With the help of any encryption management software which can work at the enterprise level?

  • 0 in reply to Jasmin

    The devices are all Galaxy Tab E8.0 with either Android 7.1.1 or Android 8.1.0. 

    They are all encrypted with the built in Encryption on the devices but unfortunately, the devices are not Enterprise grade. 

  • +1 in reply to Brian Lupfer

    Hi  

    I have checked this with our Support team and it seems the wipe command only works if the operating system is booted and the SMC client is working. So if the factory reset is disabled, the device is encrypted, to factory reset as admin it might be possible via the device manufacturer or if you type the PIN wrong too often. Unfortunately, there are no settings or commands available to do via the Sophos mobile dashboard.

  • 0 in reply to Shweta

    Thank you Shweta, 

     

    This is not what I was hoping to hear but it is an answer to my questions. 

Reply Children
No Data