This feature allows an IT admin to remotely lock out a device, for example, when the device is out of compliance. Once the device is locked, only an IT admin can unlock it and not a device user. This functionality solves two problems:

• Prevents unauthorized users from accessing the device if it gets lost or stolen.
• Prevents users with valid login credentials from using the device, for example, if the credentials are stolen or the user is no longer allowed to use the device.

With stock Android, an IT admin can lock a device only if it is currently unlocked. If the device is already locked, an admin can’t lock it to prevent future unauthorized logins.