Management and Security

Wiping devices

When a device is lost, stolen, or assigned to a new user, you may want to wipe the device to remove any personal or sensitive information.

There are two methods for wiping a device, depending on whether the device is enrolled or only discovered through the Exchange server.

Enrolled devices are wiped through the Mobility tool.

Discovered devices are wiped through the EAS server.

ClosedWipe an enrolled device from the inventory

There are three wipe options for managed devices:

Selective wipe/Unmanage. Removes all the agent settings on the device. For example, a selective wipe would remove app restrictions or Wi-Fi passwords. It does not uninstall the Ivanti agent.

Selective wipe/Delete. Removes the agent settings and also deletes the device from the Management Console inventory.

Wipe. Removes all personal files and applications from the device and restores the device to its factory settings. This option removes the Ivanti agent from the device. This option doesn't work with desktop machines, such as Windows 10 PCs, iMacs, or Macbooks.

When you send a wipe command, it is sent through the device's configured notification service. The command is sent immediately and cannot be canceled.

If the device is unreachable when the command is sent, the notification service caches the command temporarily. If the device comes online again while the command is cached, the command is delivered to the device and it is wiped. If the device does not come online within 24 hours, the wipe command is not delivered.

NOTE: If a mobile device has both the MDM and Agent applications installed, wiping a device using the Mobility Manager still removes the Ivanti profile.

To execute the wipe command

1.Find the device in the Network view.

2.Right-click it and click Wipe. Then select the type of wipe you want to perform.

3.You are prompted to proceed with the command.

ClosedWipe a discovered device using the EAS server

On a Microsoft Exchange server, the wipe is associated with both the user and the device. Once the wipe command is sent to the server, the device's status in Mobility Manager is set to "Wipe pending". The next time the device attempts to log in, the wipe command will execute and the device will be wiped immediately. Because the wipe does not actually occur until the next time the device logs in, the wipe command can be canceled at any time prior to the device check in.

To execute the wipe command

1.Find the device in the Network view.

2.Right-click it and click EAS Wipe.

3.You are prompted to proceed with the command.

When the device is wiped, it is also removed from the inventory.

To cancel a wipe command

To cancel a wipe command (only available for devices being wiped through EAS), right-click on the device and select Cancel wipe.

Was this article useful?