I have 5000 devices enrolled with EMM using the Android Management API, and recently I am getting issues with multiple devices out of nowhere and getting an error prompt after scanning the QR code on re-enrollment. All of my enrolled devices are Samsung Tabs with older versions of Android (7-9), and the issue doesn't seem to be related to the Android version. Also, the issue has been experienced on the device which was enrolled earlier and was working fine but recently has this issue; we tried re-enrolling it, but it gives us the same following error prompt after the QR scan.

Cannot create a work profile - The security policy prevents the creation of a managed device because a custom os is or has been installed on this device

For your kind information, there is no custom OS installed on the device, the device is not rooted and the bootloader is not unlocked. I have researched a lot over the internet but cannot find a solution to the problem. I have tried the following approaches, but they don't seem to work in my case:

  1. To fix this, you will need to update the time on the device by either connecting to wifi or cellular data (insert SIM-card), or by manually changing it in the set-up screen. After this is done you will be able to provision the device.
  2. Tried the DPC identifier method for enrollment: when prompted to sign in on a freshly factory-reset device, enter afw#setup, which downloads Android Device Policy. Scan a QR code or manually enter an enrollment token to provision the device.

None of the above seems to work for me. I have also seen that it's an issue related to the Samsung Knox version, so can anyone from Samsung or Google help me debug and solve this issue? Will removing the Knox app from the device work in my case?

Eagerly awaiting a response, as most of my devices have started getting affected by this issue. Please let me know your thoughts and resolution on this.

There are 3 best solutions below

1

Not sure if that's an option for you as you have multiple devices, but on my single device, manually downloading and installing "google apps device policy" resolved the issue.

0

Been a lurker for a while and posting for the first time. Work as IT helpdesk and found a fix for us (context below).

  • We use Azure, Intune and Samsung Knox
  • Needing to assign a Knox profile so an application installs and runs

How we fixed this

  • Unassigned Knox profile
  • Ran tablet normally, skipping setup of Google, Samsung account and security
  • Running Samsung updates until current (24th Feb 2021)
  • Reassign the Knox profile
  • Factory resetting through settings
  • Run through the setup process
  • Error has stopped at this point

You can either use Wi-Fi or SIM Card Data for OS updates through Knox

0

I had the same problems and this is how I fixed it. I have a Samsung Tablet with Android 10 and need to set it up under Enterprise.
Straight out of the box, you expand the OS, set up the Network connection and then type in the Google Gmail space: afw#mobicontrol. This Does Not install the custom OS. Once expanded, the OS has all the bloated software intact plus the Mobicontrol app. I kept getting an error 'Can't Create Work Profile because Custom OS is installed on this device'. I did a factory reset but did so by powering it off, then using the Power Button and Up Arrow to force it to the Android Recovery Screen. There is a factory reset option to choose from. "This Does Not Work". It still keeps the bloated software intact.

You need to expand the Android OS first, then do a reset. Go to SETTINGS, then ABOUT. At the bottom is a RESET option. Choose that. Choose Factory Reset. This will delete all those apps. It reboots. Now you can enter afw#mobicontrol at the Google email screen and it will install the custom OS and works under Soti.

Reset from the SETTINGS and do a Factory Reset. Then type in AFW@MOBICONTOL and the custom OS will work.