Office 365: Selectively Wipe a Mobile Phone

Ian 14 08

Storing company information on a mobile phone carries some risk. Being able to erase all information held on a phone from the portal is a fantastic feature, but what if the device belongs to the employee? Maybe they are no longer employed by your organisation and have left, never to return. What do you do about your data left on the phone? You can’t remotely wipe the whole phone because they will have personal pictures, messages and emails on there which you have no right to remove.

This is where it’s very important to have a clear Bring Your Own Device (BYOD) policy which is signed by employees. This makes it very clear what both parties agree will happen to the phone and the data on it should you part ways or should the phone be lost.

But what gets erased when you perform a selective wipe?

Well, let’s test it and see. First I set up a new mobile phone, installed the Office applications and made sure we had files and emails set up as follows:

  1. Txt messages
  2. Camera photos
  3. Screen shots
  4. Personal email in Gmail app
  5. Company email in Outlook app
  6. Word document stored locally
  7. Word document stored in OneDrive
  8. Word document stored in SharePoint
  9. Excel document stored locally
  10. Excel document stored in OneDrive
  11. Excel document stored in SharePoint
  12. OneNote document stored in SharePoint
  13. Skype for Business conversations

I’ve highlighted above the data which I think should be erased from the device: essentially everything stored within the Office 365 tenant. Everything else should be left alone.

What I will do is run through the process to perform a remote wipe and we will see what actually gets removed and what stays.

Let’s run through the instructions for remotely erasing only data connected to Office 365 from a mobile phone.

Log into the Admin center and click on Admin Centres, then Security & Compliance.


Now click Security policies, then Device management.


Now locate the device in the list; in this example we will wipe my own device. Click on the device, then select ‘Selective wipe’ from the menu on the right-hand side.


You will receive a warning that all data will be erased. That’s fine, it’s what we want! Press Yes.


If the device has a connection to the internet, the phone will start erasing all of the company data; at least, that’s the idea. If the device has been turned off or doesn’t have internet access, it will not receive the wipe command until it reconnects, but as soon as it does the process will begin.

Let’s see what got removed and what stayed.

  1. Txt messages – On device
  2. Camera photos – On device
  3. Screen shots – On device
  4. Personal email in Gmail app – On device
  5. Company email in Outlook app – Prompts for user logon credentials
  6. Word document stored locally – On device
  7. Word document stored in OneDrive – Prompts for user logon credentials
  8. Word document stored in SharePoint – Prompts for user logon credentials
  9. Excel document stored locally – On device
  10. Excel document stored in OneDrive – Prompts for user logon credentials
  11. Excel document stored in SharePoint – Prompts for user logon credentials
  12. OneNote document stored in SharePoint – Prompts for user logon credentials
  13. Skype for Business conversations – Skype is still active and I can view previous conversations.

So there you go: it worked great, with the exception of Skype for Business, which was still able to log in. Knowing this, I would advise you to reset the user’s password and remove any app passwords should you ever need to execute a remote wipe of a mobile device in the future.

Once the device has been erased it will get removed from the Mobile Device Management page.


Summary

Remotely wiping a mobile device is very easy and is a great way to help protect your business data. Employees often lose their mobile devices, and the larger your organisation, the more likely you will require this feature.





Author: Ian@SlashAdmin


3 Comments

  1. Do you have the test on an Android device?
    I found that “Company email in Outlook app” will prompt for user logon credentials after a selective wipe. But with 2 taps on the back button, I can still find old downloaded email, though new email is not showing up.

  2. The Security Policies section of Security & Compliance Admin Center is missing. Anyone know where it’s moved to or how you get it to show up?

