Export (0) Print
Expand All

Help protect your data with Remote Wipe, Remote Lock, or Passcode Reset Using Windows Intune

Updated: April 1, 2014

Applies To: Windows Intune

Windows Intune provides selective wipe, full wipe, remote lock, and passcode reset capabilities. Because mobile devices can store sensitive corporate data and provide access to many corporate resources, if a device is lost or stolen, you can issue a remote device wipe command from the Windows Intune administrator console. Also, users can issue their own remote device wipe commands from the Windows Intune company portal user interface. To protect devices you can issue:

  • A full wipe to restore the device to its factory settings.

  • A selective wipe to remove only company data.

  • A remote lock to help secure a device that might be lost.

  • Reset the device passcode.

This topic includes:

You might issue a wipe command to a device when you need to secure a lost device or when you retire a device from active use.

Issue a full wipe to a device to restore the device to its factory defaults. This removes all company and user data and settings. You can do a full wipe on Windows Phone, iOS, and Android devices.

Issue a selective wipe to a device to remove only company data. The following table describes by platform what data is removed and the effect on data that remains on the device after a selective wipe.

 

Content Type Windows 8.1(enrolled as a mobile device) and Windows RT 8.1 Windows RT Windows Phone 8 and Windows Phone 8.1 iOS Android Android Samsung KNOX

Company apps and associated data installed by Windows Intune.

Files protected by EFS will have their key revoked and the user will not be able to open the files.

Will not remove company apps.

Apps originally installed through the company portal are uninstalled. Company app data is removed.

Apps are uninstalled. Company app data is removed.

Apps and data remain installed.

Apps are uninstalled.

Settings

Configurations that were set by Windows Intune policy are no longer enforced and users can change the settings.

Management Agent

Not applicable. Management agent is built-in.

Not applicable. Management agent is built-in.

Not applicable. Management agent is built-in.

Management profile is removed.

Device Administrator privilege is revoked.

Device Administrator privilege is revoked.

Email

Removes email that is EFS enabled which includes the Mail app for Windows email and attachments.

Not supported.

Not supported.

Not supported.

Not supported.

Not supported.

  1. In the Windows Intune administration console, click Groups > All Users.

  2. Click the name of the user whose mobile device you want to wipe, and then click View Properties.

  3. On the properties page for the user, click the Devices tab, and then click the name of the mobile device that you want to wipe.

  4. Click Retire/Wipe.

  5. A message appears, prompting you to confirm whether you want to retire the device.

    • To perform a selective wipe which only removes company content, click Yes.

    • To perform a factory reset on a device, select Wipe the device before retiring. This action applies to all platforms except Windows 8.1.

It takes less than 15 minutes for a wipe to propagate across all device types.

Selective wipe of EFS-encrypted content is supported by Windows 8.1 and Windows RT 8.1. The following apply to a selective wipe of EFS-enabled content:

  • Only apps and data that are protected by EFS using the same Internet domain as the Windows Intune account are selectively wiped.  For more information, see Windows Selective Wipe for Device Data Management.

  • If there are any changes are made to the domain associated with EFS, the changes can take up to 48 hours before apps and data using the new domain can be selectively wiped.

  • Each domain that is registered with Windows Intune is the domain that will be wiped.

The data and apps that are currently supported by EFS selective wipe are:

If a user forgets their passcode, you can help them by removing the passcode from a device or by forcing a new temporary passcode on a device. The table below lists how passcode reset works on different mobile platforms.

 

Platform Passcode Reset

iOS

Supported for clearing the passcode from a device. Does not create a new temporary passcode.

Android

Supported and a temporary passcode is created.

Windows Phone 8

Not Supported

Windows RT 8.1 and Windows RT

Not Supported

Windows 8.1

Not Supported

  1. In the Windows Intune administration console, click Groups > All Devices > All Mobile Devices.

  2. Click All Direct Managed Devices for devices enrolled to Windows Intune or All Exchange ActiveSync Managed Devices.

    TipTip
    You can also navigate to a device by user. Click All Users and on the properties page for the user, click the Devices tab, and then click the name of the mobile device that you want to wipe.

  3. In the list, click the device or devices that you want to lock, and then on the taskbar click Remote Tasks and select Passcode Reset.

If a user loses their device you can lock the device remotely. The table below lists how remote lock works on different mobile platforms.

 

Platform Remote Lock

iOS

Supported

Android

Supported

Windows Phone 8

Not Supported

Windows RT 8.1 and Windows RT

Supported if the current user of the device is the same user who enrolled the device.

Windows 8.1

Supported if the current user of the device is the same user who enrolled the device.

  1. In the Windows Intune administration console, click Groups > All Devices > All Mobile Devices.

  2. Click All Direct Managed Devices for devices enrolled to Windows Intune or All Exchange ActiveSync Managed Devices.

    TipTip
    You can also navigate to a device by user. Click All Users and on the properties page for the user, click the Devices tab, and then click the name of the mobile device that you want to wipe.

  3. In the list, click the device or devices that you want to lock, and then on the taskbar click Remote Tasks and select Remote Lock.

See Also

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft