When a user in the organization has a mobile device configured for ActiveSync, Exchange Server 2010 gives them the capability to perform their own remote device wipes.
This is useful in scenarios such as a lost or stolen mobile phone, because the user can often perform the remote wipe faster than if they had to contact their IT support.
There are a few caveats, of course.
The user needs to be aware that the capability exists, and either be trained or be able to access help documentation for the process. This means your user education needs to be performed in advance, or alternatively your help documentation needs to already exist and be available somewhere that you can direct the user if they contact you for support.
The mobile device also needs to make a connection to the Exchange server for the remote wipe to occur. There are a number of ways that a lost or stolen device may never contact the server again, such as:
- the device isn’t configured for push email, so doesn’t automatically connect to the server
- the thief disables 3G/wireless to prevent connections being made
- the mobile carrier disables the SIM card
- the user changes their password in Active Directory
- the device is blocked by a device access rule
So with all of that in mind, let’s take a look at the process for a user-initiated remote wipe.
Exchange makes this functionality available to the end user via the Exchange Control Panel. Users can access the Exchange Control Panel by first logging in to Outlook Web App, clicking Options in the upper-right corner, and then choosing See All Options.
Clicking on Phone on the left-hand side displays the list of mobile devices associated with the user.
Select the device you wish to wipe and click on Wipe Device.
A warning box appears to confirm that the user wishes to wipe their device. Click Yes to confirm.
The device status changes to Wipe Pending. The user has the opportunity to cancel the device wipe before it completes; otherwise, they can continue to monitor the status here.
The next time the device connects to Exchange (if it ever does), the remote wipe is initiated.
To the person in possession of the device there are no warnings or other messages before the remote wipe begins. In the case of the iPhone I’m using to demonstrate this, the device reverts to factory defaults and goes through the initial configuration steps when it starts up again.
The user receives a confirmation email letting them know that the remote device wipe has completed.
They can also check the status of the wipe request in the Exchange Control Panel.
Finally, they can remove the device from their list of associated mobile devices by highlighting it and clicking the Delete button.
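Because a wipe only happens when the device next contacts the server, an administrator may want to see which requested wipes are still outstanding. The following is an added example, not part of the original walkthrough: it assumes it is run in the Exchange Management Shell on Exchange Server 2010 by an account allowed to read ActiveSync device statistics, and the `State` labels are names chosen here for illustration.

```powershell
# Added example: list ActiveSync devices with a remote wipe requested but not yet acknowledged.
# Written for PowerShell 2.0, as shipped with Exchange Server 2010.

# Only mailboxes that have at least one ActiveSync device partnership.
$mailboxes = Get-CASMailbox -ResultSize Unlimited `
    -Filter { HasActiveSyncDevicePartnership -eq $true }

$outstanding = foreach ($mbx in $mailboxes) {
    Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity |
        Where-Object { $_.DeviceWipeRequestTime -and -not $_.DeviceWipeAckTime } |
        ForEach-Object {
            # Illustrative labels (not Exchange values):
            #   NotDelivered   = the device has not connected since the request
            #   DeliveredNoAck = the wipe command was sent, no acknowledgement yet
            if ($_.DeviceWipeSentTime) { $state = 'DeliveredNoAck' }
            else                       { $state = 'NotDelivered' }

            New-Object PSObject -Property @{
                Mailbox         = $mbx.Name
                DeviceType      = $_.DeviceType
                DeviceID        = $_.DeviceID
                WipeRequested   = $_.DeviceWipeRequestTime
                WipeSent        = $_.DeviceWipeSentTime
                LastSyncAttempt = $_.LastSyncAttemptTime
                State           = $state
            }
        }
}

# Oldest requests first: these are the devices least likely to ever check in.
$outstanding |
    Sort-Object WipeRequested |
    Select-Object Mailbox, DeviceType, DeviceID, State, WipeRequested, WipeSent, LastSyncAttempt |
    Format-Table -AutoSize
```

A device that stays in `NotDelivered` for a long time matches the caveats listed earlier: it has not connected to Exchange since the wipe was requested, so the data on it should be treated as still present.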
As you’ve seen in this article, Exchange Server 2010 puts some very useful and powerful mobile device management capabilities in the hands of end users, allowing organizations to give more control to their staff and relieve some of the burden from IT staff.
If this is something you’d like to see first-hand, but you don’t have spare mobile devices available, you can use virtual Android devices instead.