You can remove access to business data through device management tools in the UEM console. The actions available depend on the enrollment method.

Enterprise Wipe

Perform an enterprise wipe to remove all business data from an enrolled device. Enterprise wipe also removes access to enterprise email accounts in VMware Boxer. While the action removes enterprise data, enterprise wipe does not remove personal data from the device. Devices must be enrolled through typical enrollment to use enterprise wipe. Standalone enrollment does not support enterprise wipe.

Performing an enterprise wipe also removes all personal accounts from Boxer. End users have to log in to those accounts again in Boxer and sync to restore email for their personal accounts. Enterprise wipe does the following:

  • If the Remove on Unenroll setting was selected during the initial Boxer app configuration, Removes the Boxer application during unenrollment from AirWatch.
  • Sends a sync request to the app to remove all Boxer data, including email, contacts, and calendar.

    Data is actually removed only after the application syncs. Syncing occurs when the app is active and performs a scheduled sync, or when the user starts the app. If an end user deletes the app before the sync, then the Boxer contacts remain on the device.

Device Wipe Considerations

Standalone enrolled Boxer devices are not managed through AirWatch and no device samples are sent back from device to the UEM console. The enrolled devices are always seen idle on the Device Details page of the UEM console.

You must remove compliance policies that rely on device status from smart groups using Standalone enrollment. If compliance policies are enabled, the UEM consolereports these devices as violating compliance policies and invokes any set actions such as device wipe.

Block Access to IBM Traveler Server

IBM Traveler server can be configured to allow access only to managed devices ( AirWatch Agent, AirWatch Container, VMware Workspace One, Standalone Enrollment) using the Traveler's notes.ini configuration. This configuration can be edited to allow a client based on Boxer User Agent. Boxer can have a unique user agent string to identify the managed mode for communicating with Traveler server.

Procedure

  1. Log onto your Traveler server and locate notes.ini configuration file.
  2. Open notes.ini configuration file and find the NTS_USER_AGENT_ALLOWED_REGEX parameter.
  3. Add = AirWatch BoxerManaged after the NTS_USER_AGENT_ALLOWED_REGEX parameter. For example, NTS_USER_AGENT_ALLOWED_REGEX = AirWatch BoxerManaged.

  4. (Optional) If you want to allow Boxer managed and un-managed devices but block the native email client from accessing the Traveler server, add = AirWatch Boxer after the NTS_USER_AGENT_ALLOWED_REGEX parameter. For example, NTS_USER_AGENT_ALLOWED_REGEX = AirWatch Boxer.
  5. Select Save.