Deletion of retired devices

As device users leave your enterprise or change to new devices, more and more devices in the Ivanti EPMM database are retired. When you retire a device, Ivanti EPMM un-registers it and no longer manages or secures the device. All the configurations and settings that Ivanti EPMM had applied to the device are removed. The device can no longer access enterprise data or apps.

However, Ivanti EPMM retains retired devices in its database. Deleting these devices from the database improves Ivanti EPMM performance and frees up disk space. Although Ivanti EPMM also provides a web services API and a CLI command to delete retired devices, using the Admin Portal display is easier. It also provides an easy way to automatically delete retired devices every day.

With this Admin Portal display, you can:

  • Easily navigate to the list of retired devices.
  • Delete devices that have been retired for more than a specified number of days.
  • Configure Ivanti EPMM to automatically delete retired devices daily, weekly, or monthly.

You can use this display only if you are assigned to the global space and you are assigned the administrator role Delete retired device. Otherwise, the actions on this display are disabled.

When Ivanti EPMM deletes retired devices due to your actions on this display, it records Delete Retired Device events in the audit log. Personal data related to retired devices can be deleted by deleting the local user. However, LDAP users cannot be permanently deleted unless the LDAP server or group has been deleted, in which case the LDAP users become local users and can be deleted. If a user is deleted on the LDAP server, the user is automatically removed from Ivanti EPMM during the next LDAP sync.

Deleting retired devices by threshold

A common task, although not necessarily a daily task, is deleting retired devices. Deleting these devices from the database improves Ivanti EPMM performance and frees up disk space.

Prerequisites

Make sure you are assigned the required administrator role. To delete retired devices, you must be:

  • Assigned to the global space
  • Assigned the administrator role Delete retired device

Procedure

  1. In the Admin Portal, go to Settings > System Settings.
  2. Select Users & Devices > Delete Retired Devices.

    Delete Retired Devices page

  3. Optional. Select the number of days after which retired devices should be deleted, or accept the default of 30 days.
  4. Optional. Select the maximum retired devices to delete in each session, or accept the default of 100 devices.
  5. Optional. Select Delete Now to delete the retired devices that meet the new criteria.

  6. Select Save to save the configuration.

If Delete Now is disabled, only an administrator who is a “super administrator” can assign you to the global space and assign the Delete retired device administrator role to you. The procedure for the super administrator and definition of a super administrator are in Assigning an administrator the role to delete retired devices.

Deleting retired devices by schedule

You have the option to delete retired devices at daily, weekly, or monthly intervals.

Procedure 

  1. In the Admin Portal, go to Settings > System Settings > Users & Devices > Delete Retired Devices.
  2. Optional. Select the number of days after which retired devices should be deleted, or accept the default of 30 days.
  3. Optional. Select the maximum retired devices to delete in each session, or accept the default of 100 devices.
  4. Select Automatically Delete Retired Devices on a Schedule. The Delete Schedule Configuration menu displays.
  5. Select the Weekly or Monthly radio button, or accept the Daily default. Additional fields display.

    1. Daily - Select the hour you want the process to run.
    2. Weekly - Select the day and the hour you want the process to run.
    3. Monthly - Select the hour you want the process to run on the first day of the month.
  6. Select Save to keep the configuration. The retired devices that match or exceed the threshold at the scheduled time will be deleted.

Assigning an administrator the role to delete retired devices

If you are a super administrator, you can assign another administrator the capability to delete retired devices. You are a super administrator if you are:

  • Assigned to the global space.
  • Assigned the role Manage administrators and device spaces.

Procedure

  1. In the Admin Portal, go to Admin > Admins.
  2. Select an administrator.
  3. Select Actions > Edit roles.
  4. For Admin Space, select Global.
  5. Select the Device Management role Delete Retired device.
  6. Select Save.