Device Wipes
Remotely wipe devices to protect corporate data when devices are lost, stolen, or when employees leave the organization. Choose between full device wipe or selective corporate data removal.
Warning: Device wipes cannot be undone. Full wipe erases all data and returns the device to factory settings. Always confirm the action before proceeding.
Wipe Types
Full Wipe (Factory Reset)
Erases all data and returns device to factory settings. Use for corporate-owned devices or serious security incidents.
- Removes all apps and data
- Resets device to factory state
- Removes device from Intune
- Cannot be undone
Use case: Lost/stolen devices, employee termination with corporate device
Selective Wipe (Retire)
Removes only corporate data and apps while preserving personal content. Ideal for BYOD scenarios.
- Removes work apps and data
- Keeps personal files intact
- Removes device from management
- Preserves user experience
Use case: Employee departure, BYOD device return, role change
Platform Behavior
| Platform | Full Wipe | Selective Wipe |
|---|---|---|
| Windows | Factory reset, removes all data. Option to keep enrollment (Autopilot) | Removes work account, apps, VPN/Wi-Fi profiles |
| macOS | Erases all content, reinstalls latest macOS | Removes MDM profile, managed apps, certificates |
| iOS/iPadOS | Erases all content and settings, Activation Lock may remain | Removes MDM profile, managed apps, work data |
| Android Enterprise | Factory reset. Work Profile: removes profile only | Removes work profile and all corporate data |
Wipe Options
Windows Options
- Wipe device but keep enrollment state and user account
- Wipe device and continue to wipe even if device loses power
iOS Options
- Preserve eSIM data plan (if applicable) — only for supervised devices with eSIM capability
Android Options
- Wipe protected (factory reset protection enabled) — maintains factory reset protection after wipe
Wipe Status Tracking
- 12 Pending (Waiting for device)
- 3 In Progress (Currently wiping)
- 456 Completed (Last 90 days)
- 2 Failed (Needs attention)
Recent Wipe Actions
| Device | Type | Initiated By | Status | Date |
|---|---|---|---|---|
| iPhone-Sales-042 | Full Wipe | security@company.com | Completed | 2024-01-15 |
| BYOD-Android-John | Selective | hr@company.com | Completed | 2024-01-14 |
| LAPTOP-STOLEN-001 | Full Wipe | security@company.com | Pending | 2024-01-15 |
Bulk Wipe
Wipe multiple devices at once for scenarios like department restructuring or security incidents:
Selection Methods
- Select from device list
- Filter by device group
- Filter by user (departed employees)
- Filter by location/department
Safeguards
- Confirmation required for each batch
- Maximum 100 devices per batch
- Audit log of all actions
- Email notification to admins
Activation Lock (iOS)
Activation Lock prevents device reuse after wipe unless Apple ID credentials are provided:
Supervised Devices:
- Activation Lock bypass code stored
- Can be disabled via MDM
- Automatic bypass on wipe
Unsupervised Devices:
- Cannot be bypassed remotely
- Requires user’s Apple ID
- May leave device unusable
Best Practices
- Document wipe requests — Keep records of why each wipe was initiated (HR ticket, security incident).
- Use selective wipe for BYOD — Preserve personal data on employee-owned devices to avoid liability.
- Enable Lost Mode first for iOS — Lock device and display contact info before wiping in case it’s recoverable.
- Verify device connectivity — Offline devices will wipe when they next connect. Monitor pending wipes.
API Reference
POST /api/devices/:id/wipe— Initiate full device wipePOST /api/devices/:id/retire— Initiate selective wipe (retire)POST /api/devices/bulk-wipe— Wipe multiple devicesGET /api/devices/wipe-status— Get wipe action statusPOST /api/devices/:id/cancel-wipe— Cancel pending wipe (if not started)