IBM Security MaaS360

 View Only
  • 1.  HELP Required, device disabled! Cannot remove MDM

    InnerCircle
    Posted Mon January 18, 2021 02:15 PM
    Hi,
    I am reaching out for help in the community as one of our devices has been disabled after the user got his password wrong so many times. I am unable to communicate with the device (Samsung Galaxy Active 1 - SM-T365) as it says 'Device Disabled, Contact your IT administrator'. I cannot factory reset the device as the MDM is preventing this. I have re-flashed the firmware but the device remains as it because I have been unable to get the firmware that wipes the data and instead it has just flashed the stock firmware.

    Is there a piece of software that i could use to put on a Transflash memory card that will remove the Maas360 MDM? or a file to use with ODIN Flash software?


    Any help will be much appreciated, thank you.





    ------------------------------
    Steve Birkett
    ------------------------------


  • 2.  RE: HELP Required, device disabled! Cannot remove MDM

    InnerCircle
    Posted Tue January 19, 2021 04:37 PM
    Edited by Steve Birkett Tue January 19, 2021 04:41 PM
    Solved!

    I flashed some engineers software to the device, wiped the data and re-flashed it with stock firmware. Problem solved and I will now rebuild the device with Maas360 and hand back to the user. It is a real shame that the IBM Maas360 platform disabled the device after failed password attempts, rendering the device useless with no way of rectifying the issues caused. I appreciate this may only affect certain devices and not all devices. Non the less it caused a lot of unnecessary work.


    Steve.

    ------------------------------
    Steve Birkett
    ------------------------------



  • 3.  RE: HELP Required, device disabled! Cannot remove MDM

    Posted Tue January 19, 2021 07:56 PM

    Hi Steve,

    Glad you were able to resolve this.  As for the behavior - this is enforced in Policy under Passcode:

    Lock device on Failed Passcode Attempts
    This is specifically for Samsung devices - if disabled then it will revert to default system settings or a full wipe if policy dictates after 'x' number of failed passcode attempts.

    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 4.  RE: HELP Required, device disabled! Cannot remove MDM

    Posted Tue August 31, 2021 05:35 AM
    Hi Matt,

    One of my customers reported this same issue. Is there any way for MaaS360 admin can revert from the portal?. Also, they did not enable failed attempt policy. It's a Samsung device.

    Thanks.

    ------------------------------
    mohanraj
    ------------------------------



  • 5.  RE: HELP Required, device disabled! Cannot remove MDM

    Posted Wed September 01, 2021 02:20 PM

    Lockout features are built in to the OS many times, even if MDM enforces nothing.  If they've put themselves in a situation where the device is locked out and MDM can not be disabled due to policy, there isn't much we can do as our actions (and policy changes) get locked out as well. 

    They may have to flash back to factory settings similar to what was described above, but in worst case scenarios the devices need to be sent back to the manufacturer for recovery. 

    We strongly suggest that the features that harden device management be used sparingly, it's not an everyday use feature because of the kind of behavior seen in this post.  Clients can leverage Factory Reset Protection features as a theft deterrent and zero touch programs to enforce enrollment.  These features provide many of the protections they want with far fewer risks.



    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 6.  RE: HELP Required, device disabled! Cannot remove MDM

    Posted 22 days ago
    Hi Steve,

    My customer has gone to MS Exchange and has a handful of users who still have MaaS360 but he isn't subscribed any longer.
    So he can't remove device from MaaS360 portal and I can't find info on unenrollment of a corporate device.

    The phones concerned are Samsung device Model SM-G398FN/DS.

    Please, I would like to know what software you used to flash stock firmware on Samsung device.
    Do you think this will solve my client's issue? Otherwise what can you advise me?

    Regards,
    Youssouf CHAMAOUN

    ------------------------------
    Youssouf Chamaoun
    ------------------------------



  • 7.  RE: HELP Required, device disabled! Cannot remove MDM

    Posted 22 days ago
    Hi Youssouf
    I'm not sure the firmware issue is required, you would only find that software on the Samsung website. 
    The device should be able to be removed via the MaaS360 portal using Remove Control, if he still has access to it. 
    Otherwise the simplest thing would be to remove the control manually which can be done from inside the MaaS360 app on the device. 
    This is done by going to the top-right, tapping on the 3-dot button and selecting the option "Remove Control". 
    Please beware that if the device is enrolled into Android Enterprise in Device Owner mode it will trigger a full device wipe. 
    If this doesn't work the final option is to remove the control from device settings (Settings > Security  > Device Administrators > MaaS360 > Remove Control). Please note the menu options may vary per OS version. 
    Best of luck with this. 


    ------------------------------
    Eamonn O'Mahony
    Technical Client Success Manager
    IBM Security
    Dublin, Ireland
    ------------------------------