How to prevent users from performing factory reset on Android devices?

Description

Factory Resetting Android devices wipes any content and settings on the phone and resets the device to it's factory settings. In organizations where corporate data is stored and accessed using mobile devices, IT admins must ensure these devices are not factory reset to prevent the loss of corporate data. Another reason why organizations must prevent users from factory resetting Android devices is to ensure the devices are managed at all times, since resetting the device also means all the configurations, apps and contents distributed using MDM will be deleted and the devices will be unmanaged.

Steps

  • On the MDM server, click on the Device Mgmt tab.
  • Select Profiles from the left pane and navigate to Create Profile -> Android.
  • Provide the Name and Description for the profile and click on Continue.
  • Navigate to Restrictions -> Security.
  • Restrict the option Restore Factory Settings.
  • Next, Save and Publish the restrictions profile.
  • It is recommended to test the profile on a test device before associating it with your production environment. You can also associate profiles to groups for which you want to restrict the factory reset option.

NOTE: You can block outgoing calls on Samsung devices and Android devices provisioned as fully managed devices (Device Owner)

Enterprise Factory Reset Protection

Devices running Android 5.0 and above by default support Factory Reset Protection (FRP) which requires the user's Google account credentials upon activating a hard reset device. While FRP is important to reduce mobile theft and strengthen data security, it also causes problems in organizations that provide their employees corporate Android devices. To overcome this challenge, Mobile Device Manager Plus allows organization's to configure Enterprise Factory Reset Protection (EFRP).

With EFRP, organizations can create a common corporate Google account and enter it instead of the user's Google account details to access the factory reset device. This ensures that even if the employee leaves the organization after resetting the device, it can be accessed and re-used by the organization.

Refer this document for the steps to configure EFRP on your corporate Android devices.