
Thursday, February 20, 2014

Remote Wipe Devices With Exchange 2010

The option to remotely wipe devices exists in Exchange for both administrators and end-users. Wiping a device "restores" it to factory settings, which removes any confidential company data stored on it and, hopefully, deters whoever ends up with the lost or stolen phone from using it. I know that remote wiping is a "sore spot" for many organizations; this post is purely instructional, so please adhere to your own guidelines.

I'll show you how to use the Exchange Management Console (EMC), the Exchange Management Shell (EMS) and how the end-user can use Outlook Web Access (OWA) to remotely wipe a device.


Wipe a Device with the EMC


Fire up the Exchange Management Console

Expand Microsoft Exchange On-Premises

Expand Recipient Configuration

Click Mailbox

Search the mailboxes until you find the user mailbox for the device to be wiped.

Right-click the user and select Manage Mobile Phone from the menu.

In the Manage Mobile Phone Wizard, highlight the device.

Under Action, click Perform a remote wipe to clear mobile phone data.

Click Clear

Click Yes to confirm

The wizard will run through to the completion screen, where you will get a message that the remote wipe command was queued successfully.

Wipe a Device with the EMS


Fire up the Exchange Management Shell and run:

Get-ActiveSyncDevice -Mailbox "mailbox name" | fl Name

Then run:


Clear-ActiveSyncDevice -Identity "name of device" -NotificationEmailAddresses "your email address"

**Note** Change "name of device" to the Name value returned by Get-ActiveSyncDevice.

The -NotificationEmailAddresses parameter lets you receive a confirmation when the wipe completes; use your own email address here.

Hit "Y" and press Enter to confirm

**Note** The remote wipe won't be executed on the device until it connects to ActiveSync and receives the command.


To track the progress in the EMS, run:

Get-ActiveSyncDevice -Mailbox "mailbox name" | Get-ActiveSyncDeviceStatistics
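The EMS steps above as one script, added here as an example and not taken from the original post: it picks the device by its DeviceID instead of by display name (several phones of the same model can share a Name), queues the wipe with a notification address, and then polls Get-ActiveSyncDeviceStatistics until the device acknowledges or a time limit expires. The mailbox, DeviceID and notification address are placeholders; the wipe timestamps it reads (DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime) are the properties the Exchange 2010 statistics object exposes.

```powershell
# Added example (not part of the original post): wipe one ActiveSync device and wait for the ack.
# Placeholders: replace the mailbox, DeviceID and notification address with real values.
$Mailbox    = "jdoe@contoso.example"      # placeholder: the user's mailbox
$DeviceId   = "ApplPLACEHOLDERID"         # placeholder: DeviceID shown by Get-ActiveSyncDevice
$NotifyAddr = "helpdesk@contoso.example"  # placeholder: who gets the completion e-mail

# Select the device by DeviceID rather than Name so the wrong partnership cannot be wiped by accident.
$device = Get-ActiveSyncDevice -Mailbox $Mailbox | Where-Object { $_.DeviceId -eq $DeviceId }
if ($device -eq $null) {
    throw "No ActiveSync device with DeviceID '$DeviceId' is associated with '$Mailbox'."
}
if (@($device).Count -gt 1) {
    throw "DeviceID '$DeviceId' matched more than one partnership; refusing to guess."
}

# Queue the wipe. -Confirm:$false replaces the interactive Y/N prompt, so keep the checks above.
Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddresses $NotifyAddr -Confirm:$false

# The wipe only runs once the phone next contacts ActiveSync, so poll the statistics for a while.
$deadline = (Get-Date).AddMinutes(30)
do {
    $stats   = Get-ActiveSyncDeviceStatistics -Identity $device.Identity
    $pending = ($stats.DeviceWipeRequestTime -ne $null) -and ($stats.DeviceWipeAckTime -eq $null)
    if ($pending) { Start-Sleep -Seconds 60 }
} while ($pending -and ((Get-Date) -lt $deadline))

# Summarise the outcome (PowerShell 2.0 syntax, which is what the Exchange 2010 shell runs on).
$stats | Select-Object DeviceFriendlyName, DeviceId, DeviceWipeRequestTime, DeviceWipeSentTime,
                      DeviceWipeAckTime, LastSyncAttemptTime, LastSuccessSync
if ($pending) {
    Write-Warning "Wipe still pending after 30 minutes; the device has not contacted Exchange yet."
}
```

Run it from the Exchange Management Shell with an account that has Recipient Management rights. The 30-minute cap is arbitrary: a wipe stays queued indefinitely, and the notification e-mail still arrives whenever the device finally acknowledges.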

End-user Remote Wipe using OWA

You will need to train your users on the ability to remotely wipe their devices so they know that it exists and how to do it. Also, instruct them that it is destructive and they shouldn't wipe a device "just for fun".

Also instruct them that a remote wipe will only work if the device contacts Exchange; here are some cases in which a wipe will not occur:

The device isn’t configured for push email
3G/4G/LTE or Wi-Fi is disabled
The SIM card is disabled
The user changes their password in AD
An access rule is in place, blocking the device
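Because a wipe stays pending until the phone checks in, it helps to see which requests are still outstanding and why. The script below is an added example (not from the original post) that lists every ActiveSync partnership with a wipe requested but not yet acknowledged and attaches a hint matching the list above: a device blocked or quarantined by an access rule shows up in DeviceAccessState (a property present from Exchange 2010 SP1 onward; it is empty on RTM), while a device with no sync attempt since the request has simply not contacted Exchange, for whatever reason (no push, no network, SIM disabled, password changed). It assumes the EMS and permission to read every mailbox's devices.

```powershell
# Added example (not part of the original post): report remote wipes that are still pending
# and give the administrator a hint as to why each one has not landed yet.
$report = foreach ($d in (Get-ActiveSyncDevice -ResultSize Unlimited)) {
    $s = Get-ActiveSyncDeviceStatistics -Identity $d.Identity

    # Only partnerships where a wipe was requested and the device has not acknowledged it.
    if ($s.DeviceWipeRequestTime -eq $null -or $s.DeviceWipeAckTime -ne $null) { continue }

    # Has the phone attempted any sync at all since the wipe was requested?
    $contactedSince = ($s.LastSyncAttemptTime -ne $null) -and
                      ($s.LastSyncAttemptTime -gt $s.DeviceWipeRequestTime)

    # DeviceAccessState is populated from SP1 on; on RTM this is an empty string.
    $access = "$($d.DeviceAccessState)"

    $hint = if ($access -eq "Blocked" -or $access -eq "Quarantined") {
        "Access rule blocks this device; it cannot pick up the wipe until it is allowed."
    } elseif (-not $contactedSince) {
        "No sync attempt since the request: device offline, push/SIM/Wi-Fi off, or credentials changed."
    } else {
        "Device has connected since the request; expect the acknowledgement on its next sync."
    }

    New-Object PSObject -Property @{
        User        = $d.UserDisplayName
        Device      = $d.FriendlyName
        DeviceId    = $d.DeviceId
        RequestedAt = $s.DeviceWipeRequestTime
        LastAttempt = $s.LastSyncAttemptTime
        AccessState = $access
        Hint        = $hint
    }
}

# Select-Object fixes the column order, since a hashtable does not preserve it in PowerShell 2.0.
$report | Select-Object User, Device, DeviceId, RequestedAt, LastAttempt, AccessState, Hint |
    Sort-Object RequestedAt | Format-Table -AutoSize
```

Anything flagged as blocked needs an administrator to revisit the access rule (or the block was intentional, in which case the wipe is moot); anything with no contact since the request is out of your hands until the phone comes back online.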


The end-user can wipe their device with the Exchange Control Panel (ECP). 

They will need to log in to OWA, hit Options in the upper-right corner, and then choose See All Options.

Click on Phone in the left pane, which will display the list of mobile devices they have associated.


Select the device they wish to wipe and click Wipe Device.

Click Yes to confirm the warning.

The device status will change to Wipe Pending.


They have the opportunity to cancel the device wipe before it completes, and they can monitor the status here.

If or when the device connects to Exchange, the remote wipe is executed.

There are no warnings on the device before the remote wipe begins, so the person in possession of the device is none the wiser.


The user will receive an email letting them know when the remote device wipe has completed.

They can also remove the device from their list of mobile devices by highlighting it and hitting the Delete button.

As you've seen, there are multiple ways to wipe a device if it has fallen into the wrong hands. Now your user(s) can rest easy knowing they haven't given away company data; they just have to go through the hassle of getting a new phone :)
