Wipe IPhone Remotely
No matter which Apple device you want to wipe (iPhone, iPad, or Mac), you can initiate a remote wipe command through mobile device management (MDM), iCloud, or Microsoft Exchange ActiveSync. When you initiate a remote wipe command through MDM, the Apple device sends an acknowledgment back to the MDM solution and performs the wipe. For more information, see
Wipe iPhone Remotely
When you initiate a remote wipe through Microsoft Exchange ActiveSync (iPhone and iPad only), the device checks in with the Microsoft Exchange Server before performing the wipe. You can perform the remote wipe using the Exchange Management Console, Outlook Web Access, or the Exchange ActiveSync Mobile Administration Web Tool.
Summary: This blog puts together various methods to remotely erase iPhone and protect your iPhone data from misuse. You will also find answers to frequently asked queries related to wiping iPhone data remotely.
iPhones are simply wonderful devices. From making a call to controlling a drone flying in the air, you can literally do anything with a good iPhone. Every waking day is spent looking at it for one or the other reason. From simple day to day activities to complex stuff, we depend on our iPhone. But have you ever imagined yourself losing your mini guide? It will be as if all options are locked up for you. Also, losing an iPhone means you no longer have the access to its function. In such a situation, there is a real danger of data theft, identity theft and much more. If a lost iPhone falls into the hand of a person with bad scruples, you can never know what will happen. iPhone thieves might get access to compromising data, pictures and videos that they may use to their advantage. At times, you may even get robbed of your savings if you had the details of your bank accounts and numbers save in your iPhone. Then there is the danger of another person stealing your identity as well. But all these are totally avoidable if you remote wipe iPhone immediately after you find out that you have lost your iPhone. If you are quick to remote wipe iPhone, you can hope to be safe.
Losing an iPhone is deplorable. By losing one, you not only lose a device used for communication but also many other important information stored in it. To prevent your personal details and information from going into the hands of mischief mongers, you need to enable certain settings on your device. If you have enabled it already, you can wipe iPhone remotely. Whether you are trying to wipe the data in your iPhone remotely because you lost it or just reading for learning purposes, follow the steps given below to wipe your device remotely.
Thus using the methods outlined above, you can protect your iPhone as well as the details stored in it. Although the methods described above are easy to perform, they can be useful only if they are enabled. So, it is advisable to enable them as early as possible because Find My iPhone is the only way to find you lost iPhone. Also, making regular backups of all the data in your iPhone will make your work easier when you happen to wipe or erase your iPhone data.
Some schools and corporates lock their devices with a Mobile Device Management (MDM) solution. This helps them monitor and control device usage remotely, including completely erasing the iPhone/iPad.
Thankfully, the Exchange ActiveSync also supports remotely wiping and restoring the iPhone or iPad. You can do it from the Exchange Management Console, Outlook Web Access, or the Exchange ActiveSync Mobile Administration Web Tool.
To prevent anyone else from accessing the data on your missing device, you can erase it remotely. When you erase your device, all of your information (including credit, debit, or prepaid cards for Apple Pay) is deleted from the device, and you won't be able to find it using Find My:
If corporate data is accessible via applications or local device storage on devices that don't comply with company policies, sensitive information can end up in the hands of bad actors. This is an especially concerning possibility for mobile devices, which are generally easier to lose than other endpoints. In BYOD or COPE situations, mobile devices may also contain personal data, further complicating security. When an end user leaves the organization or a device is lost or stolen, IT must be able to remotely wipe corporate data.
The process of performing a remote wipe of a device varies among mobile platforms, however. In organizations that allow the use of iPhones as work devices, IT administrators should know the options for wiping these devices specifically.
When using mobile device management (MDM) to manage employee devices, there are a few different methods for remotely wiping an iPhone. These options are similar for Android devices and basically all other device platforms. The name of the method differs per platform, and sometimes even per MDM provider. For iOS and macOS devices, admins can choose between a full wipe and a selective wipe. For devices under Microsoft Intune management, the options are instead referred to as a wipe and a retire. Even though the name may differ between platforms or MDM providers, the results are often the same. The different actions achieve the following results:
The availability of the different wipe options depends on which enrollment type the iPhone is registered under. The MDM provider might not have the permissions to perform a full wipe of the device. The enrollment option is often related to the ownership of the device.
On a personally owned iPhone, the user must install the management app of the MDM provider to enroll the device. During this process, the user makes a few decisions. First, the user can enroll the device as either personally owned or corporate owned. Additionally, the user chooses whether the MDM provider will secure the entire device or just corporate data and apps. The IT administrator can perform a complete wipe on a fully secured device.
However, if the user has enabled activation lock, performing a full wipe will be more challenging for the admin. When the device is locked to the user's personal Apple ID, it will be difficult to reactivate the iPhone. This is one reason for organizations to rely on Automated Device Enrollment (ADE), part of Apple Business Manager, for corporate-owned iPhones. Besides that, ADE provides a positive user experience out of the box.
Getting started with ADE is simple. Enrollment relies on the Apple Setup Assistant and ensures proper device management. The most common enrollment options for iPhones are user enrollment for personal devices and ADE for corporate-owned devices (Figure 1). The latter can also differentiate between iPhones with and without user affinity. Devices without user affinity are often shared. For those devices, it's often technically possible to perform a selective wipe, but that might not be a logical option in such situations.
Across most MDM providers and device platforms, the actions an IT administrator must take to remotely wipe a device are pretty straightforward. Using Microsoft Intune as an example, admins can perform a remote wipe of an iPhone by walking through the following steps:
Your users carry sensitive corporate information in their pockets every day. If one of them loses their mobile phone, your data can end up in the hands of another person. If one of your users loses their mobile phone, you can use the Exchange admin center (EAC) or the Exchange Management Shell to wipe their phone clean of all corporate and user information.
Prior to EAS v16.1, remote wipe would perform a device-level wipe, restoring the device to factory conditions. With EAS v16.1 and later, EAS also supports account-only remote wipe. In order for this to work, the client must support the EAS v16.1 protocol. If the client doesn't support v16.1, the wipe will fail and an error will be given.
Exchange ActiveSync v16.1 supports two different remote wipe processes: A Wipe Data remote wipe and also an Account Only Remote Wipe Device remote wipe. There are important differences between how Outlook responds and how native mail apps on iOS and Android respond to these different wipe commands.
Outlook for iOS and Outlook for Android support only the Wipe Data command, which wipes only data within Outlook. The Outlook app will reset and all Outlook email, calendar, contacts, and file data will be removed, but no other data is wiped from the device. The Account Only Remote Wipe Device command is therefore redundant and is not supported by Outlook for iOS or Android.
However, if a native iOS or Android mail app is connected to Exchange and receives a Wipe Data command from Exchange ActiveSync, all data on the device will be wiped, including photos, personal files, and so on.
If a native iOS or Android mail app is connected to Exchange and receives an Account Only Remote Wipe Device command from Exchange ActiveSync, only the native mail app's Exchange ActiveSync mail, calendar, and account data are wiped.
Since Outlook for iOS and Android appears as a single mobile device association under a user's mobile devices in Exchange, a remote wipe command will remove data and delete sync relationships from all devices running Outlook (iPhone, iPad, Android) associated with that user.
If you are using Intune, you should be using Intune to trigger data removal, not Exchange. Depending on the scenario, it could be accomplished via App Protection Policy selective wipe, or Device enrollment retire/wipe commands.
If the device connects to Exchange using a mail app other than Outlook, you can use the following command to wipe only the mail app's Exchange ActiveSync mail, calendar, and account data and leave all other data on the device intact:
The -AccountOnly switch has no effect on Outlook devices because an account-only remote wipe is the only type of wipe that is supported by Outlook. See Clear-MobileDevice for more information.