This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable Factory Reset while Encrypted

Is there a way to recover or reset devices that have the Factory Reset option disabled, while at the same time being Encrypted with a Secure Startup PIN?  This is a hypothetical case that I am trying to work around to prevent Endusers from Factory Resting devices while keeping the device(s) encrypted, and to address devices being locked out with a forgotten PIN.  

For reference in this case, the devices are consumer grade and do not have the Enterprise management. 



This thread was automatically locked due to age.
Parents
  • Hi  

    Please suggest which Sophos Mobile control product you are using - Sophos Mobile Control On-prem or Sophos Central Mobile?

    If the Factory reset option is correctly set up and disabled for users through Sophos MDM software, users should not be able to reset the device.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Jasmin, 

     

    We are managing many devices using the Sophos Mobile Device manager housed on-prem.  What I am trying to accomplish is a broad solution to ensure device security. 

     

    Disabling Factory Reset only addresses part of the problem. The issue that comes with that is if a user changes the PIN/Password and I need to reload the device. If factory reset is disabled, the device is Encrypted, and the user forgets their PIN, is there a way to factory reset the device as an admin? 

  • Hi  

    It is possible to reset the device remotely in Sophos Mobile Admin, FRP is turned off by default if you have Android Enterprise. I have checked this internally, as you are not using Android Enterprise, you can go ahead and wipe the device remotely as per this article. Please let us know if you have any further concerns. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Hi Shweta, 

     

    To confirm, is the Wipe command supposed to work if the device is at the screen "Your tablet is encrypted for security. To start up your device, enter your PIN."?  From my testing it does not, is there a setting that I need to configure to facilitate that? 

     

    To clarify about the issue I'm looking to solve is:

     

    • In the scenario, where a device returns to me and I do not know the PIN.
    • Factory reset is disabled so I cannot reset it from the Android Recovery screen. 
    • Looking for a solution to reset a device given the above Criteria. 
Reply
  • Hi Shweta, 

     

    To confirm, is the Wipe command supposed to work if the device is at the screen "Your tablet is encrypted for security. To start up your device, enter your PIN."?  From my testing it does not, is there a setting that I need to configure to facilitate that? 

     

    To clarify about the issue I'm looking to solve is:

     

    • In the scenario, where a device returns to me and I do not know the PIN.
    • Factory reset is disabled so I cannot reset it from the Android Recovery screen. 
    • Looking for a solution to reset a device given the above Criteria. 
Children