For businesses, ensuring data security on mobile devices is paramount, and iPhones are no exception.
If corporate data is accessed through apps or local storage on devices that don’t comply with corporate policies, sensitive information can fall into the wrong hands. This prospect is particularly worrying in the case of mobile devices, which are generally easier to lose than other terminals. In scenarios BYOD Where is it COPE, these devices can also contain personal data, further complicating security. When a user leaves the company or their device is lost or stolen, IT must be able to remotely wipe corporate data.
However, the procedure for remotely wiping a device varies between mobile platforms. In organizations that allow iPhones to be used as business tools, IT administrators need to be aware of the options for resetting these devices.
Reset options for managed iPhones
When you manage employee devices with dedicated software (mdm, Mobile device management), there are several ways to reset an iPhone remotely. These options are more or less the same for Android devices as they are for almost all other platforms. Only the method name differs depending on the platform, sometimes even depending on the publisher of the MDM tool. For iOS and macOS devices, administrators can choose between a hard reset (full wipe) is one selective cleaning. For devices managed with Microsoft Intune, the options are named instead restore (delete) And deactivation (remove). Whichever name is used, the results are often the same. The different operations produce the following effects:
- Complete reset. This action erases all user accounts, data, and MDM policies and settings, restoring the iPhone to its default settings and settings. Be careful with this action, as it is not reversible. In Microsoft Intune, it is simply referred to as Reset (Clear).
- Selective deletion. This option only clears managed app data, policies, and MDM settings by deleting the management profile from the iPhone. With selective deletion, personal data is not affected. This is called a deactivation (Remove) in Microsoft Intune.
Reset options based on iPhone registration
The availability of different reset or erase options depends on the type of registration of the iPhone. Your MDM vendor might not have the necessary permissions to perform a hard wipe, as the enrollment option is often tied to device ownership.
On a personal iPhone, the user must install the MDM provider’s management application to enroll the device, a process during which they will make certain decisions. To get started, they can enroll the device as personal or corporate property. Also, choose whether the MDM tool will protect the entire device or just corporate data and applications. The IT administrator can perform a hard reset on a fully protected device.
However, if the user has Activation Lock enabled, it will be more difficult for the administrator to perform this reset. When the device is locked to the user’s personal Apple ID, it will be difficult to reactivate the iPhone. This is one reason why companies should use Automatic Device Enrollment (ADE), which is part of Apple Business Manager, for corporate iPhones. Furthermore, ADE offers a positive user experience right from the start.
Getting started with ADE is simple. Registration relies on Apple’s Setup Assistant and ensures proper device administration. The most common enrollment options for iPhone are user enrollment for personal devices and ADE for corporate devices (Figure 1). The latter can also distinguish between iPhones with or without user affinity. Devices without user affinity are typically shared. For these devices, it’s often technically possible to perform a selective wipe, but this option may not make much sense in such situations.
How to remotely wipe iPhone with Microsoft Intune
With most MDM vendors and on most device platforms, the actions required to remotely wipe a device are fairly simple. Using Microsoft Intune as an example, administrators can remotely reset an iPhone by doing the following:
- Open the Microsoft Endpoint Manager portal and sign in to an account with the necessary permissions. Go to Devices > iOS/iPadOS > iOS/iPadOS Devices.
- The user performing remote wipe or retire in Microsoft Intune must have at least the wipe and retire permissions listed in the “Remote Tasks” category.
On the iOS/iPadOS devices page, select the desired iOS device and click to clean Where is it Took ofdepending on the options available for the iPhone in question and the target sought (figure 2).
Make sure you understand the consequences described in the confirmation dialog before proceeding (Figure 3).