What are you looking for?

Showing results for 
Search instead for 
Did you mean: 

Samsung Galaxy XCover 6 Pro/Samsung Galaxy Tab Active 4 Pro/S23 Ultra MDM lock Enterprise/Leasing/Device Administrator

(Topic created on: 22-06-2023 09:57 AM)

Good afternoon, dear respective Samsung Community members!


I would like inquire regarding very serious topic of MDM lock. MDM lock stands for Mobile Device Management and it's nothing to do with SIM lock or Regional Lock. For example when some large enterprise, suppose a some grocery store with thousands of employees and multiple branches needs to order smartphones, tablets, such large manufacturers like Samsung, Apple have MDM phones for business/enterprise. Such phones and tablets are usually same in packaging and visually you can't distinguish them from ordinary versions that available for general consumers in the store. So suppose the grocery store orders 200 pieces of Samsung Galaxy XCover 6 Pro for their employees, Samsung on the factory preloads administrator profile of this grocery store in that batch of phones during their production and grocery store receives them in original packaging with seals, so administrator of the grocery store does not need to unpack each of 200 phones and manually preload on it enterprise policy, he directly gives these devices to employees and later on, on his PC he would control data on that phones, load any needed apps, etc. Everything comes ready for work out of the box state since on the Samsung factory MDM profile of grocery store administrator already preloaded on that batch of phones.


Such devices are usually sells significantly lower in price since they sold with MDM profile and order from that grocery store and Samsung directly. 


Sometimes enterprise is so large and have significant amount of the devices in their warehouse and it's possible that this enterprise would write off unused amount of their devices by simply selling it to other 3rd parties. For example they have used 190 pieces of their MDM Samsung Galaxy XCover 6 Pro and other 10 was as backup devices in case of employee lost or damage. Those 10 pieces for example was not even opened and enterprise is selling it to other 3rd parties.


Later on those MDM locked devices got to eBay or to any classifieds board so every general consumer can purchase it, the chain of selling might be so large so even a seller might not know where the device was originated from if he is reselling it to gain some profit out of it. 


End general consumer after purchasing such device would not know that this device is originally intended for Enterprise, and later on after few weeks or month of using his device might be locked by enterprise administrator as he might be not aware that the device was written off by company as he would see from his administrator console that device is being used outside the enterprise, etc. Enterprise administrator manages 1000 devices and can be not aware that some device with specific IMEI was being written off and can lock it according to enterprise policy.


Reason is that MDM can't be removed with out connecting it to administrator enterprise PC as there are no field of entering PIN and you can't remove it manually.


Another variant of MDM lock is when large cellular operator buys large batch of Samsung phones or tablets but with leasing MDM lock, general consumer buys this phone or tablet from cellular operator for installment plan, it's usually SIM free and he needs to pay monthly installments until he pays it's full price. If he fails to pay monthly installment MDM lock imposes by cellular operator. If all monthly installments have been paid, the MDM lock is remotely removed, so end customer do not need to come back again. Same problem here as such phones are similar in packaging and does not have any signs that it's MDM a general consumer can buy it through classifieds board and after few months of using can get MDM lock. Device can be even factory sealed.


My general inquiry is following. I want to purchase Samsung Galaxy XCover 6 Pro and Samsung Galaxy Tab Active 4 Pro. Since these devices are all marked as Enterprise Edition and available for general consumers through official Samsung site. These devices are not available in my country, my regional department of Samsung does not allow to buy it for general consumers so only business entities with the order of 100 pieces only eligible. Only option to get these devices is to purchase from 3rd parties sellers on local classifieds or eBay. Sellers I found does not know the origin of the devices, they come sealed. Boxes are absolutely similar to what Samsung sells to enterprise consumers and to general consumers. Visually it's impossible to distinguish. I contacted with Samsung chat support they said that it's impossible by IMEI say whether it's MDM locked or not. So I am pretty confused now what to do. 


I researched that topic of MDM lock and found out that one way to detect that you are holding a MDM locked phone but which not yet blocked by administrator is to go to Android settings, Device admin section (Usually there should appear KC Client, Knox Enrollment Service services). Once Enterprise Administrator locks your phone you would see a plug on lock screen and device would be fully unusable, please see attached screenshots, there I attached device admin apps, MDM lock of leased device, MDM lock of Walmart.


Recently one year ago my friend asked to secure his deal of purchasing a brand new iPhone 11. He was searching especially for iPhone 11 with 256GB memory, the Apple authorized resellers run out of this model, so only way was to buy from local seller at classifieds, I checked the box, model code was exactly same as official Apple retailer sold for this region, the seals was fine, even activation status was not activated, so it was not repacked. It was not enough for me, we have paid for device and with presence of seller activated it with friends Apple ID and inserted local SIM card everything was working flawlessly, I even checked under Apple ID in settings that there is no signs that this device is managed and controlled by enterprise, same was for settings no MDM profile was installed. After 8 months of using friend got his device MDM locked, now sign appeared that this device is controlled by some enterprise and MDM profile was in settings. Contacting with this enterprise failed for friend since he told that they refused to remove the MDM as this device still listed as their property and they does not know how it appeared on classifieds board.


So after such experience I really do not know how to check that Samsung phones have any type of MDM lock as even after some months of using even if there where no active device admin profiles it can be still MDM locked after using. Maybe you could say what is 100% way to detect presence of MDM lock?


Thank you in advance for your reply!



 Samsung Android Device AdminSamsung Android Device AdminSamsung MDM leasing lockSamsung MDM leasing lockSamsung Walmart MDM enterprise lockSamsung Walmart MDM enterprise lock

Tourbillon De La Vie
Samsung Members Star ★

not worth the risk, in my opinion