Device orphaned from EMM after failed factory reset
Last updated July 26th, 2023
Categories:
Environment
- Knox Service Plugin
- Third-party EMMs
- Fully managed Android device
Overview
When a device is managed by an EMM and Knox Service Plugin, the admin can configure the Allow Factory Reset Knox Service Plugin policy to prevent the device from being wiped accidentally. However, if the policy is set to Disable and the admin issues a wipe or delete command to the device, rather than wiping the device, the EMM inadvertently unenrolls the device and its policies remain. The device then enters an orphaned state where it remains restricted, and neither the admin nor the device user is unable to remove those restrictions.
Cause
Before delivering a wipe or delete command to a device, not all EMMs check the Knox Service Plugin configuration. As a result, the device can’t be factory reset due to the Knox Service Plugin configuration, and is removed from the EMM console.
Devices enrolled in Knox Manage don’t encounter this issue, as Knox Manage checks the Knox Service Plugin configuration before proceeding with a reset.
Workaround
Before you wipe a device through your EMM, ensure that the Allow Factory Reset policy is set to Enable.
To change this policy:
-
On the EMM console, go to the Knox Service Plugin configuration.
-
Modify the following policy:
- Device-wide policies > Device Restrictions > Allow Factory Reset — Enable.
-
Save and apply your changes to the affected devices.
If this issue has occurred and the devices are restricted, contact your regional Samsung’s customer service center.
On this page
Is this page helpful?