Skip to main content
G
GMenzies
Level 2.0: Eclair
October 25, 2023
Solved

Factory Reset Protection and Captive Portals

  • October 25, 2023
  • 6 replies
  • 3 views

A bit of background on this, we're currently moving to use COPE Enrolment for all of our devices after using BYOD Enrolment for devices purchased by our org.

 

Utilising BYOD we had issues with users signing into their gmail accounts and leaving the business and we were locked out of the device by Factory Reset Protection (We've used Knox Mobile Enrolment to solve this). This all made sense as it was a BYOD device and for consumers etc it makes a lot of sense.

 

The problem we've encountered is even with COPE enroled devices, if a user doesn't remove their gmail account from the personal profile before resetting the device when the device is used again you're unable to use a Captive Portal network for setup again and this error message is received - "Unable to sign in to Wi-Fi AP. An unauthorised factory reset has been performed on this device. the sign-in screen cannot be accessed." 

 

Even after enrolling the device using a WPA2/3 Network and signing in with the google account in question and manually removing it then resetting the device we still have this issue, it's as if the FRP flag gets set and isn't being removed for some reason.

 

It seems odd any network and even cellular allows you to continue but a captive portal connection doesn't.

 

Has anyone else encountered this issue?

 

Thanks.

Best answer by GMenzies

In case anyone else sees this, this has been resolved with Android 14.

 

Knox Mobile Enrollment 23.12 release notes | Samsung Knox Documentation

6 replies

J
jeremy
Level 1.6: Donut
October 25, 2023

Have you considered using a combination of Zero Touch + disabling factory reset on these devices?

Zero Touch will force enrolment into your EMM, and disabling factory reset will only let user reset using the device recovery mode.

 

It should be easier than having to manage FRP.

G
GMenziesAuthor
Level 2.0: Eclair
October 25, 2023

Hi Jeremy,

 

We're utilising Knox Mobile Enrolment today as we have Samsung devices, to clarify also our EMM is Intune, we wouldn't disable factory reset as we need a method for users to reset devices on their own if required. I also thought Device recovery mode doesn't let you bypass FRP?

 

Also would we not have the same issue with Zero touch? This issue happens before we even have a network connection.

 

Thanks for your help.

J
jeremy
Level 1.6: Donut
October 25, 2023

Zero Touch will prevent device use if the device is not enrolled with an EMM.

For example, if you setup your device offline, as soon as the device connects to internet, it will force the user to wipe the device and start again.

 

Regarding Device recovery mode and FRP, it won't let you bypass FRP you're correct.

J
jeremy
Level 1.6: Donut
October 26, 2023

You should probably escalate through Intune & KME, that will be the proper channel to get support with your issue and escalate through Samsung, Intune and Google.

S
Subrataonly
New Member
November 6, 2023

Can't make calls 

G
GMenziesAuthorAnswer
Level 2.0: Eclair
January 10, 2024

In case anyone else sees this, this has been resolved with Android 14.

 

Knox Mobile Enrollment 23.12 release notes | Samsung Knox Documentation

L
Lennith
New Member
January 14, 2024

This is invasion of privacy!

G
Gwapoako18
New Member
March 23, 2024

How to solve this problem if my another Samsung is like that problem how to remove this and how to sign in on my device?

Terms & ConditionsCookie settingsAccessibility statement