Deletion of retired devices

As device users leave your enterprise or change to new devices, more and more devices in the MobileIron Core database are retired. When you retire a device, MobileIron Core un-registers it and no longer manages or secures the device. All the configurations and settings that Core had applied to the device are removed. The device can no longer access enterprise data or apps.

However, MobileIron Core retains retired devices in its database. Deleting these devices from the database improves Core performance and frees up disk space. Although Core also provides a web services API and a CLI command to delete retired devices, using the Admin Portal display is easier. It also provides an easy way to automatically delete retired devices every day.

With this Admin Portal display, you can:

  • Easily navigate to the list of retired devices.
  • Delete devices that have been retired for more than a specified number of days.
  • Configure Core to automatically delete retired devices daily, weekly, or monthly.
NOTE: You can use this display only if you are assigned to the global space and you are assigned the admin role Delete retired device. Otherwise, the actions on this display are disabled.

When Core deletes retired devices due to your actions on this display, it records Delete Retired Device events in the audit log. Personal data related to retired devices can be deleted by deleting the local user. However, LDAP users cannot be permanently deleted unless the LDAP server or group has been deleted, in which case the LDAP users become local users and can be deleted. If a user is deleted on the LDAP server, the user is automatically removed from MobileIron Core during the next LDAP sync.

Deleting retired devices by threshold

A common task, although not necessarily a daily task, is deleting retired devices. Deleting these devices from the database improves Core performance and frees up disk space.

Prerequisites

Make sure you are assigned the required admin role. To delete retired devices, you must be:

  • assigned to the global space
  • assigned the admin role Delete retired device

Procedure

  1. From the Admin Portal, go to Settings > System Settings.

  2. Select Users & Devices > Delete Retired Devices.

  3. Optional. Select the number of days after which retired devices should be deleted, or accept the default of 30 days.
  4. Optional. Select the maximum retired devices to delete in each session, or accept the default of 100 devices.

  5. Optional. Click Delete Now to delete the retired devices that meet the new criteria.

  6. Click Save to save the configuration.
NOTE: If Delete Now is disabled, only an administrator who is a “super administrator” can assign you to the global space and assign the Delete retired device admin role to you. The procedure for the super administrator and definition of a super administrator are in Assigning an administrator the role to delete retired devices.

Deleting retired devices by schedule

You have the option to delete retired devices at daily, weekly, or monthly intervals.

Procedure 

  1. From the Admin Portal, go to Settings > System Settings > Users & Devices > Delete Retired Devices.
  2. Optional. Select the number of days after which retired devices should be deleted, or accept the default of 30 days.
  3. Optional. Select the maximum retired devices to delete in each session, or accept the default of 100 devices.
  4. Click Automatically Delete Retired Devices on a Schedule. The Delete Schedule Configuration menu displays.

  5. Select the Weekly or Monthly radio button, or accept the Daily default. Additional fields display.

    1. Daily - Select the hour you want the process to run.
    2. Weekly - Select the day and the hour you want the process to run.
    3. Monthly - Select the hour you want the process to run on the first day of the month.
  6. Click Save to keep the configuration. The retired devices that match or exceed the threshold at the scheduled time will be deleted.

Assigning an administrator the role to delete retired devices

If you are a super administrator, you can assign another administrator the capability to delete retired devices. You are a super administrator if you are:

  • assigned to the global space.
  • assigned the role Manage administrators and device spaces.

Procedure

  1. In the Admin Portal, go to Admin > Admins.
  2. Select an administrator.
  3. Select Actions > Edit roles.
  4. For Admin Space, select Global.
  5. Select the Device Management role Delete Retired device.
  6. Click Save.