Wiping Managed Devices

2/9/2009

To wipe a managed Windows Mobile device, follow these steps to create a wipe request:

Note

These steps assume that you have followed administrative processes correctly to report theft, loss, compromise, or other circumstance as required by enterprise policy before you start this process.

  1. You receive notification to wipe a managed device.
  2. You locate the managed device within Mobile Device Manager Console.
  3. You create a wipe request (see Creating a Wipe Request).
  4. If the managed device is connected (turned on), it is wiped.
  5. If the managed device is not connected, the wipe is initiated immediately upon the next connection.
  6. The managed device object is deleted from Active Directory® and the device is added to the blocked device list (see Blocking a Managed Device).

MDM stores information about the wipe request in a database and immediately sends a message to the managed device. The message signals the device to start a session with MDM Device Management Server. The wipe request will be sent to the device the next time that it connects to MDM Device Management Server.

When the device retrieves the wipe request, it erases all user data on the device by overwriting with zeros or removing flash blocks, depending on the media. It reformats the external storage card, if present, and then restores the factory default settings on the device. After the wipe, the device can no longer connect to the network through MDM Gateway Server. The device is no longer enrolled in MDM, and MDM no longer manages the device. For more information on the file system operation used to erase the data, see this Microsoft Web site: https://go.microsoft.com/fwlink/?LinkId=111459.

The following list shows the possible Wipe Request status conditions.

Wipe Status   Description

Expired       The wipe request has expired because the managed device did not connect within a predetermined time.

Failed        The managed device reports that the wipe attempt has failed. That is, the request was sent to the managed device but the wipe failed.

Pending       This is the state from the start of the request until the managed device reports success or failure, or the request expires.

Retrying      The request is resent after the managed device reports that the previous wipe request failed.

Succeeded     The device was successfully wiped.

By default, the Wipe Service revokes the device enrollment if the wipe fails after several retries, or if the wipe request expires. To change the default behavior, you must use the Set-WipeConfig cmdlet in MDM Shell to set the DisenrollUnsuccessful setting to $False. For more information, see Configuring MDM Wipe Service.

You can cancel a device wipe request if the wipe request status is Pending or Retrying. This is the default behavior. If you set DisenrollUnsuccessful to $false, you can cancel a wipe request with a status of Failed or Expired. MDM tries to cancel a wipe request by removing the request from the database before it is sent to the managed device. You cannot cancel a wipe request that has been sent to a managed device.
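
The status and cancellation rules above, modeled as an added PowerShell example (it is not MDM code or an MDM cmdlet). Get-WipeTriage and the DeviceName and Status fields are hypothetical names, the sample records are constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not MDM code. Requires PowerShell 3.0 or later.
# Get-WipeTriage and the DeviceName/Status fields are hypothetical names.
function Get-WipeTriage {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Request,
        # Mirrors the DisenrollUnsuccessful setting; $true is the default behavior.
        [bool] $DisenrollUnsuccessful = $true
    )
    foreach ($r in $Request) {
        $inProgress   = $r.Status -in 'Pending', 'Retrying'
        $unsuccessful = $r.Status -in 'Failed', 'Expired'
        if (-not ($inProgress -or $unsuccessful -or $r.Status -eq 'Succeeded')) {
            throw "Unknown wipe status '$($r.Status)' for $($r.DeviceName)"
        }
        $action = if ($r.Status -eq 'Succeeded') {
            'Wiped; unblock and re-enroll before reuse'
        } elseif ($inProgress) {
            'Not wiped yet; cancel works only until the request is sent'
        } elseif ($DisenrollUnsuccessful) {
            'NOT wiped; enrollment revoked'
        } else {
            'NOT wiped; enrollment not revoked, review'
        }
        [pscustomobject]@{
            DeviceName     = $r.DeviceName
            Status         = $r.Status
            # Pending/Retrying always; Failed/Expired only when DisenrollUnsuccessful is $false.
            CancelAllowed  = $inProgress -or ($unsuccessful -and -not $DisenrollUnsuccessful)
            # Default behavior: enrollment is revoked although the data was never erased.
            RevokedUnwiped = $unsuccessful -and $DisenrollUnsuccessful
            Action         = $action
        }
    }
}

# Constructed sample records, not real MDM output.
$sample = @(
    [pscustomobject]@{ DeviceName = 'PDA-001'; Status = 'Pending' }
    [pscustomobject]@{ DeviceName = 'PDA-002'; Status = 'Retrying' }
    [pscustomobject]@{ DeviceName = 'PDA-003'; Status = 'Failed' }
    [pscustomobject]@{ DeviceName = 'PDA-004'; Status = 'Expired' }
    [pscustomobject]@{ DeviceName = 'PDA-005'; Status = 'Succeeded' }
)

# Default behavior, then the behavior with DisenrollUnsuccessful set to $false.
Get-WipeTriage -Request $sample | Format-Table -AutoSize
Get-WipeTriage -Request $sample -DisenrollUnsuccessful $false | Format-Table -AutoSize
```

In both configurations a Failed or Expired request means the data on the device was not erased, so those rows are the ones to follow up on.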

You cannot restore a wiped device. To enroll a device again after it has been wiped, you must unblock the device (see Unblocking a Managed Device) and then go through the enrollment process again (see Enrolling Devices).

Note

You can use MDM Shell cmdlets and PowerShell scripts to automate Windows Mobile device management tasks. For more information on wiping managed devices with MDM Shell cmdlets, see Device Wipe Cmdlets.

See Also

Tasks

Creating a Wipe Request
Canceling a Wipe Request

Concepts

Configuring MDM Wipe Service