You can automatically perform an enterprise wipe when users are removed from user groups. This check occurs at the same frequency as the Sync LDAP Groups scheduler task.

  1. Navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment and select the Restrictions tab.
  2. Select the Restrict Enrollment to the Configured Groups option.
  3. If you want to enterprise wipe all devices not part of any user group automatically, then take the following steps.

    1. Select All Groups.
    2. Enable the Enterprise Wipe devices of users not belonging to the configured groups option.
  4. If you want to enterprise wipe all devices not part of only selected user groups automatically, then take the following steps.

    1. Choose Selected Groups and include the user group names.
    2. Enable the Enterprise Wipe devices of users not belonging to the configured groups option.
  5. The Restrict Enrollment To Configured Groups option means that enrollment is limited in the following ways.

    • Enrollment is limited to users belonging to any user group (All Groups).
    • Enrollment is limited to users belonging to a particular user group (Selected Groups).

    For more information, See Enabling Directory Service Based Enrollment.

  6. Select Save.