Lock and unlock devices

Last updated September 18th, 2023

Knox Mobile Enrollment advanced profiles let you lock and unlock one or more devices. With the ability to lock lost or stolen devices and unlock devices in offline environments, advanced profiles help you protect your data in such adverse scenarios.

Lock devices

On the Advanced profile assigned tab, you can simultaneously lock or unlock one or more devices:

  1. Select the devices you want to lock or unlock.
  2. Click Actions.
  3. Toggle Lock if you want to lock devices, or Unlock if you want to unlock them. The device status updates immediately.

Check the device lock status

On the Advanced profile assigned tab, there are four possible device lock statuses:

  • Locked — The device is locked.
  • Unlocked — The device is unlocked.
  • Locking — The device is in the process of locking.
  • Unlocking — The device is in the process of unlocking.

Toggle the Lock or unlock switch

The device lock controls are color-coded to relay status information to you at a glance:

Status                 | Switch label           | Switch color
Unlocked               | Unlocked label is bold | Green
Locking (or Unlocking) | No label is bold       | Yellow
Locked                 | Locked label is bold   | Red

Unlock devices using a PIN

Devices that are assigned advanced profiles can be unlocked in highly secure offline environments using a one-time PIN generated by Knox Mobile Enrollment. On the Devices page, if the device profile status is Unenrolled and the device lock status is Locked:

  1. Select a device IMEI and click PIN.

  2. In the Unlock device dialog, enter the 8-digit code that is displayed on the device user’s lock screen.

  3. Click Continue to generate a one-time 8-digit PIN.

  4. Share the generated PIN with the device user. The device user enters this PIN to unlock their device.

Recovering a device locked by factory reset protection

Factory reset protection prevents a device from being factory reset without confirmation from its primary Google Account. This feature is auto-enabled on devices running Android 5 or higher. Unauthorized individuals won’t be able to reset such a device, protecting device information even when the device is lost or stolen.

The primary profile on a company-owned device is typically a Google Account controlled by the worker who was issued the device. Deactivating or reassigning that worker can therefore thwart efforts to re-initialize the device, because factory reset protection still requires the original worker’s account credentials in order to proceed. As a result, the device might become unusable as an enterprise asset. Fortunately, it’s possible for enterprises to bypass factory reset protection on Samsung devices.

To bypass factory reset protection on a relinquished device:

  1. Ensure that the device is assigned either an Android Enterprise or Android Enterprise (Advanced) profile with the following options:

  2. Factory reset the device.

  3. After the device powers on, select the system language and connect to a Wi-Fi network. The device then prompts you to reboot.

  4. Tap Restart now to reboot the device. The enrollment proceeds without prompting you to enroll with a Google Account.
