Device orphaned from EMM after failed factory reset

Environment

• Knox Service Plugin
• Third-party EMMs
• Fully managed Android device

Overview

When a device is managed by an EMM and Knox Service Plugin, the admin can configure the Allow Factory Reset Knox Service Plugin policy to prevent the device from being wiped accidentally. However, if the policy is set to Disable and the admin issues a wipe or delete command to the device, rather than wiping the device, the EMM inadvertently unenrolls the device and its policies remain. The device then enters an orphaned state where it remains restricted, and neither the admin nor the device user is unable to remove those restrictions.

Cause

Before delivering a wipe or delete command to a device, not all EMMs check the Knox Service Plugin configuration. As a result, the device can’t be factory reset due to the Knox Service Plugin configuration, and is removed from the EMM console.

Workaround

Before you wipe a device through your EMM, ensure that the Allow Factory Reset policy is set to Enable.

To change this policy:

1. On the EMM console, go to the Knox Service Plugin configuration.

2. Modify the following policy:

   • Device-wide policies > Device Restrictions > Allow Factory Reset — Enable.

3. Save and apply your changes to the affected devices.

If this issue has occurred and the devices are restricted, contact your regional Samsung’s customer service center.