You can protect yourself against excessive device wipes and enterprise wipes by setting a wipe threshold in Workspace ONE UEM.
Remotely wiping a device of privileged corporate content, called an Enterprise Wipe, is one of the steps considered when a device becomes lost or stolen. Wipe protection safeguards against the threat of corporate content coming into contact with competitors. A Device Wipe is potentially more destructive, removing all content until the device returns to its factory state.
Device Wipe – Send an MDM command to wipe a device clear of all data and operating system. This action cannot be undone.
Enterprise Wipe – Enterprise Wipe a device to unenroll and remove all managed enterprise resources including applications and profiles. This action cannot be undone and re-enrollment is required before Workspace ONE UEM can manage this device again. This device action includes options to prevent future re-enrollment and a Note Description text box for you to add information about the action.
However, there are circumstances when scheduled processes such as the Compliance Engine and other automated directives wipe multiple devices. In addition to the automated wipes, an accidental wipe initiated by an administrator can be problematic. As an administrator, you might want to be informed when such actions are initiated and be given the chance to intervene.
Configure wipe protection settings by defining a wipe threshold, which is a minimum number of devices wiped within a certain amount of time. For example, if more than 10 devices are wiped within 20 minutes, you can place future wipes on hold automatically until after you validate the wipe commands.
You can review wipe logs to see when devices were wiped and for what reason. After reviewing the information, you can accept or reject the on-hold wipe commands and unlock the system to reset the wipe threshold counter.
Set a wipe threshold for managed devices and notify administrators through email when the threshold is met. You can only configure these settings at the Global or Customer level organization group.
Navigate to Devices > Lifecycle > Settings > Managed Device Wipe Protection.
Configure the following settings.
|Wiped Devices||Enter the number of Wiped Devices that acts as your threshold for triggering wipe protection.|
|Within (minutes)||Enter the value for Within (minutes) which is the amount of time the wipes must occur to trigger wipe protection.|
|Select a message template to email to administrators.
Create a message template for wipe protection by navigating to Groups & Settings > All Settings > Devices & Users > General > Message Templates and select Add, Next, select Device Lifecycle as the Category and Wipe Protection Notification as the Type. You can use the following lookup values as part of your message template.
|- – The value of Within (minutes) on the settings page.|
|- – A link to the Wipe Log page.|
|To||Enter the email addresses of administrators who must be notified. These administrators must have access to the Wipe Log page.|
For details, see Lookup Values.
You can view the Wipe Log page to see when devices were wiped and for what reason. After reviewing the information, you can accept or reject any on-hold wipe commands and unlock the system to reset the wipe threshold counter.
If the system is locked, then you see a banner at the top of the page indicating this status.
Navigate to Devices > Lifecycle > Wipe Log.
The Report Device Wipe Log resource manages access to the Wipe Log page, and is available by default for system admins, SaaS admins, and Workspace ONE UEM admins. You can add this resource to any custom admin role using the Create Admin Role page.
Filter the Wipe Log by the following parameters.
View the list of devices and determine whether the presented devices are valid wipes.
Device pending actions have a status of "On Hold." Devices wiped before the threshold limit is reached display as "Processed".
Reset the device threshold counter and allow wipe commands to go through by selecting Unlock System.
The system allows future automated wipe commands until the threshold limit is exceeded again. You can only perform this action at a Global or Customer level organization group.