The Wipe Protection settings page in Workspace ONE UEM lets you configure options that let you exert more control over how and when managed devices can be wiped to avoid mass wiping devices.

Configure Enrollment settings by navigating to Groups & Settings > All Settings > Devices & Users > Advanced > Managed Device Wipe Protection.

What can you do with the Workspace ONE UEM Managed Device Wipe Protection settings page?

The Wipe Protection settings page allows you to:
  • Configure wipe protection settings by defining a wipe threshold, which is a minimum number of devices wiped within a certain amount of time. For example, if more than 10 devices are wiped within 20 minutes, you can place future wipes on hold automatically until after you validate the wipe commands.
  • Review wipe logs to see when devices were wiped and for what reason. After reviewing the information, you can accept or reject the on-hold wipe commands and unlock the system to reset the wipe threshold counter.
  • Set a wipe threshold for managed devices and notify administrators through email when the threshold is met. You can only configure these settings at the Global or Customer level organization group.

Determine your Organizational group hierarchy

Before you review and modify settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choices. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.

  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.

Managed Device Wipe Protection

Setting Description
Wiped Devices Enter the number of Wiped Devices that acts as your threshold for triggering wipe protection.
Within (minutes) Enter the value for Within (minutes) which is the amount of time the wipes must occur to trigger wipe protection.

Select a message template to email to administrators.

Create a message template for wipe protection by navigating to Groups & Settings > All Settings > Devices & Users > General > Message Templates and select Add, Next, select Device Lifecycle as the Category and Wipe Protection Notification as the Type. You can use the following lookup values as part of your message template.

  • {EnterpriseWipeInterval} – The value of Within (minutes) on the settings page.
  • {WipeLogConsolePage} – A link to the Wipe Log page.
To Enter the email addresses of administrators who must be notified. These administrators must have access to the Wipe Log page.