Exchange. Remote Wipe

This has been discussed before on the forum – well, kind of (here), but I figured I’d dig a tiny bit deeper.

I didn’t realize until recently that your company can potentially delete your entire phone. I figured it was possible to remove an account from the Outlook app, but I didn’t know remote “wipe device” was a thing – seemingly only if you have Exchange accounts on the phone, though I could have that wrong.

So correct me if I’m wrong, but if I use Fantastical or the Outlook app – or any other service that signs into my 365 Work account – it’s possible to remove my account only. But if I wanted to use an app like Timepage or the stock calendar app, I have to set up via Exchange on my phone and that opens me up to a potential remote wipe of my entire phone.

I mean, it’s not a huge deal either way as my phone is backed up regularly and I intentionally set my phone up so if it’s tossed in a river today, I still have my data. But it’s interesting to note.

Deciding between apps and subscriptions is bad enough. I didn’t realize there is a further added complexity in terms of “how much of my phone do I want wiped in the event I leave”.

I thought I’d post this more as an FYI to the community, but also curious to hear people’s thoughts in 2023.

I think it depends on the security policy and setup of the company. If, during setup of the Exchange account, you have to install a local policy document, that document will tell you what capabilities you are allowing your work to have with your phone. And yeah, it can be very intrusive, up to and including monitoring everything and remote wipe of the device. But it doesn’t have to be.


My understanding (and experience) is that if you configure an Exchange account on your iDevice using the normal method, then your employer has the ability to wipe your device. You also have that ability.

I used to administer a non-Microsoft email server that used MS ActiveSync technology. And in the early 2000s I tested the remote wipe feature once using my own iPhone.

According to current Microsoft info: “if a native iOS or Android mail app is connected to Exchange and receives a Wipe Data command from Exchange ActiveSync, all data on the device will be wiped, including photos, personal files, and so on.

If a native iOS or Android mail app is connected to Exchange and receives an Account Only Remote Wipe Device command from Exchange ActiveSync, only the native mail app’s Exchange ActiveSync mail, calendar, and account data are wiped.”

So as I read this, the server admin can choose to wipe either the email account or all data from an iPhone.

I can’t find any information about a calendar-only connection to an MS server. Personally, just to be safe, I would assume any connection to the server would allow a remote wipe.

Maybe one of us needs to bite the bullet and do a live test? :smiley: Any takers??


I have experienced a remote wipe once. The company admin somehow thought it was a good idea to initiate a remote wipe of the complete phone when an unlock request failed 3 times. The admin did not anticipate that fingerprint unlock might fail a few times when having wet hands from rain… I was already annoyed that unlocking my phone failed but was even more annoyed when it initiated a complete wipe :smiley: On this device I only had an Exchange Online account added in iOS and used the native apps.

Fortunately, I already had some experience with admins selecting seemingly random options when configuring policies without thinking about consequences, and always made sure I had backups of data :slight_smile:.