Back to top

How to configure Factory Reset Protection in Knox Manage

Last updated July 26th, 2023



  • Knox Manage (KM)
  • Android Enterprise Device Owner (AE DO) mode


Android Enterprise supports Factory Reset Protection, which protects your company devices from unauthorized use in case of theft or loss. This knowledge base article explains how to enable Factory Reset Protection on AE DO devices enrolled in Knox Manage (KM).

Setting the lock screen policy in Knox Manage

While Factory Reset Protection can be configured without setting a lock screen, our recommendation is to set a password or PIN lock.

Factory Reset Protection only blocks factory resets initiated through the bootloader, and does not prevent a user from factory resetting through the device’s settings. Configuring a lock screen policy ensures you are protected against both methods.

You can set a lock screen in KM through Profile > Android Enterprise > Security. For detailed instructions on how to create, manage and assign a profile, see the KM admin guide.

Configuring Factory Reset Protection in Knox Manage

  1. In your KM console, go to Profile > Factory Reset Protection and set the policy to Allow.

  2. Navigate to the Google Developers API documentation.

  3. In the upper right corner, click Sign In.

  4. Sign in with the Google Account you want to manage your devices under.

  5. In the right sidebar, under Try this API, enter people/me under resourceName, and metadata under personFields.

  6. Click Execute.

  7. The results of your query are shown below. Locate the ID entry and copy the numeric string to your clipboard.

  8. In your KM console, navigate to Profile > Factory Reset Protection.

  9. In the Google Account ID field, enter your Google Account email.

  10. In the Google User ID field, enter the numeric string you copied in Step 7.

  11. Click the “+” button and save the profile.

After the device is reset and restarted, Factory Reset Protection is activated and the user must sign in with the Google Account they previously used on the device.

Additional information

To enhance your password policy settings, see How do I lock a device enrolled in Knox Manage after too many unsuccessful login attempts ?

Is this page helpful?