Remotely Wipe a Mobile Device
Updated: December 17, 2012
Applies To: Windows Intune December 2012 Release
Mobile devices can store sensitive corporate data and provide access to many corporate resources. If a device is lost or stolen, that data can be compromised. Windows Intune provides a remote device wipe feature. You can issue a remote device wipe command from the Windows Intune administrator console or users can issue their own remote device wipe commands from the Windows Intune company portal user interface. Through Windows Intune policies, you can add a password requirement, to automatically prompt for a password after a period of inactivity, and to specify a maximum number of password attempts and when that maximum is exceeded, the mobile device performs a local device wipe. Local device wipe is the mechanism by which a mobile phone wipes itself without the request being initiated from the Windows Intune.
You can use this procedure to clear data from a stolen or lost device. To wipe a mobile device from the Windows Intune company portal, see the following topic Enrolling Your Devices.
For more information about the process of wiping a mobile device, see Understanding Remote Device Wipe.
To initiate a remote wipe from the Windows Intune administrator console
Open the Windows Intune administrator console.
In the workspace shortcuts pane, click the Groups icon.
In the navigation pane, click All Users , click the name of the user whose mobile device you want to wipe, and then click View Properties .
On the properties page for the user, click the Devices tab, and then click the name of the mobile device that you want to wipe.
Click Retire/Wipe .
A message appears, prompting you to confirm whether you want to retire the device. Select the Wipe the device before retiring check box, and then click Yes .
Note For devices that are managed through Exchange ActiveSync, the next time that the mobile device synchronizes with Exchange, the device will be reset to factory defaults. IN this case, after you initiate the remote wipe, the next time that the mobile device sends a request to the Exchange server, the Exchange server will respond with a remote wipe command. Upon receiving the remote wipe command from the server, the mobile device should send an acknowledgment to the server to indicate that it will erase all data from the device. Then the device will attempt to reset itself to factory defaults. The device must send this acknowledgment before erasing all data from memory and storage because it will not have access to the information it needs to send requests after it wipes the device.