We had a similar problem where our Android Enterprise work-managed mode devices weren't reliably factory resetting after deletion/unenroll.  After much work with support, they were able to identify and fix the problem on their end.  I suggest you log cases with support and swap case #s so support knows that multiple customers have the same issue.

We had been suffering the exact same issue as yours over the past 6-12 months.  It wouldnt matter if you hit "delete" or "device wipe", sometimes the devices would not unenroll correctly, leaving the device locked to the MDM still and because we have factory reset (by user) option disabled, so users cant reset their own devices, it also meant we couldnt use boot loader to reset them either.

I also had lengthy support discussions but to no avail, they only advised at the time to not use the delete option.

At some point it seems to have stopped happening but now we have to use the delete option again, as the Android FRP profile payload has a known bug where it doesnt get removed, unless you use delete.  Anyway, I could share support case number/s with anyone interested but as it was so inconclusive at the time, I dont know how much use it will be for anyone.

What console version is everyone running and are you an on-premises or a SaaS customer?

SaaS/CN500

Version: 20.7.0.1 (2007)

But I reckon we might have stopped seeing this occur around console v2005/2006, or just that our IT teams have been less active refreshing devices for users.

SaaS

Console version 20.6.0.5 (2006)

So far all of the devices have been BYOD Samsung Galaxy devices with Android 10. These devices are enrolled with Android Legacy, we're running Android Enterprise now, but had a small subset of devices left over on Android Legacy. I was wondering if the issue was due to devices that had enrolled with Android 9 and then later upgraded to Android 10, but I have nothing to verify that at this time, just the fact that all the devices are Device Administrator enrolled Samsung galaxy devices that would have had Android 9 originally and now have Android 10.

Of course the problem is that we are trying to re-enroll some of these devices and the user can't re-enroll because the Device Administrator is still enabled on the device, and we can't uninstall the hub app either in this state.

It appears to be somewhat related to a bug with both console versions 20.06 and 20.07.

https://kb.vmware.com/s/article/80230?lang=en_US

I'm not sure that it's related to that issue (although it could be). The issue in the provided link is actually one that I reported several weeks ago and worked with support on, but that issue was only occurring for our iOS devices. Also that issue is for devices that properly wipe but remain in the console, versus the Android issue where the device is successfully deleted from the console, but the Device Administration remains on the device.

Hello all,

We are running 20.6.0.5 (2006), and I believe the issue I was referring to (Work Managed devices staying enrolled after console deletion) is fixed.  Case was 19057868909.  Work item was AGGL-6666.  This issue was supposedly fixed in 20.03 (So, earlier this year...) according to my case history.  This issue affected our Android devices (both 6 and 7).

That being said, I'm not sure if it's exactly the same issue raised on this thread.

@kanraku and @km8678 are you definitely seeing your issue after ​20.03 ?

Also, are you able to use the bootloader device reset method?  Sometimes that still works regardless if resets are allowed in the profile or not.