4. Understanding and Using Remote Device Wipe
Although passwords help to protect mobile devices, they don't prevent
access to the device. Malicious individuals could still gain access to
data. In the event that a device is lost or stolen, you can use Remote
Device Wipe to instruct a mobile device to delete all its data.
An administrator or the owner of the device can prevent the
compromising of sensitive data by initiating a remote device wipe. After
you initiate a remote device wipe and the device receives the request,
the device confirms the remote wipe request by sending a confirmation
message and then removes all its data the next time it connects to
Exchange Server. Not only does this return the device to its factory
default condition, but it also removes any data stored on any storage
card inserted into the device. Wiping the data should prevent it from
being compromised.
The easiest way to wipe a device remotely is to have the device owner
initiate the wipe using Outlook Web App. When the device acknowledges
the request, the user will get a confirmation e-mail. Alternatively, an
administrator can log on to Outlook Web App as the device owner and
initiate the remote wipe. To do this, follow these steps:
- Open your Web browser. In the Address field, type the Outlook Web App URL, such as https://mail.cpandl.com/owa, and then press Enter to access this page.
- When prompted, provide the logon credentials of the user whose device you want to wipe. Do not provide your administrator credentials.
- On the Outlook Web App toolbar, click Options.
- The left pane of the Options view provides a list of options. Click Phone.
- The user's mobile devices are listed in the details pane. Select the device you want to wipe, and then click Wipe Device.
- Confirm the action when prompted.
- Click Remove Device From List.
Note
You can use Outlook Web App for remote device wiping only if the user
has used the device previously to access Exchange Server and if you
have enabled the Segmentation feature of Exchange Active Directory
Integration (which is the default configuration).
Caution
Because wiping a device causes complete data loss, you should do this
only when you've contacted the user directly (preferably in person) and
confirmed that the mobile device has been lost and that he or she
understands the consequences of wiping the device. If your organization
has a formal policy regarding the wiping of lost devices that might
contain sensitive company data, be sure you follow this policy and get
any necessary approvals. Keep in mind that while a remote wipe makes it
very difficult to retrieve any data from the device, in theory this is
possible with sophisticated data recovery tools.
In the Exchange Management Shell, you can list the mobile devices registered as partners for a user's mailbox using the Get-MobileDeviceStatistics
cmdlet. The device identity you want is the DeviceId string. If the
user has multiple mobile devices, also be sure to consult the
DeviceModel and DeviceOperatorNetwork values.
After you know the mobile device identity, you can issue a remote device wipe command using the Clear-ActiveSyncDevice
cmdlet. You then need to confirm that you want to wipe the device when
prompted by pressing the Y key. Example 9 and Example 10
provide the syntax and usage for the Get-MobileDeviceStatistics and
Clear-ActiveSyncDevice cmdlets, respectively. With
Get-MobileDeviceStatistics, you can specify either the unique identity
of the remote device or the user mailbox you want to work with. The
-GetMailboxLog parameter retrieves mailbox logs and usage information.
Use the -OutputPath parameter to direct the statistics to a specific
folder path or the -NotificationEmailAddresses parameter to e-mail the
statistics to specified e-mail addresses.
Note
If you determine that you've made a mistake in issuing a remote wipe,
you should immediately issue a cancellation request using the
Clear-ActiveSyncDevice cmdlet. Here, set the -Cancel parameter to $true.
The remote device processes the cancellation request only if the remote
wipe has not yet been initiated.
Example 9. Get-MobileDeviceStatistics cmdlet syntax and usage
Syntax
Get-MobileDeviceStatistics -Identity DeviceIdentity
Get-MobileDeviceStatistics -Mailbox MailboxIdentity
[-GetMailboxLog <$true | $false>]
[-NotificationEmailAddresses EmailAddress1, EmailAddress2, ...]
[-OutputPath Path] [-ShowRecoveryPassword <$true | $false>]
Usage
Get-MobileDeviceStatistics -Mailbox "David Pelton"
Example 10. Clear-ActiveSyncDevice cmdlet syntax and usage
Syntax
Clear-ActiveSyncDevice -Identity MobileDeviceIdentity
[-Cancel <$true | $false>] [-DomainController DCName]
[-NotificationEmailAddresses EmailAddress1, EmailAddress2, ...]
Usage
Clear-ActiveSyncDevice -Identity "Mobile_DavidP"
Clear-ActiveSyncDevice -Identity "Mobile_DavidP" -Cancel $true
Reviewing the Remote Wipe Status
When you initiate a remote wipe, the mobile device removes all its
data the next time it connects to Exchange Server. You can review the
remote wipe status using an alternate syntax for the Get-MobileDeviceStatistics
cmdlet. Instead of passing the cmdlet the -Mailbox parameter, use the
-Identity parameter to specify the DeviceId string of the device you
wiped. The statistics returned will include these output parameters:
- DeviceWipeRequestTime: The time you requested a remote wipe
- DeviceWipeSentTime: The time the server sent the remote wipe command to the device
- DeviceWipeAckTime: The time when the device acknowledged receipt of the remote wipe command
If there is a DeviceWipeSentTime timestamp, the device has connected
to Exchange Server and Exchange Server sent the device the remote wipe
command. If there is a DeviceWipeAckTime timestamp, the device
acknowledged receipt of the remote wipe and has started to wipe its
data.
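The shell procedure above (list the user's devices, pick the right one, issue the wipe) and the status check in this section, put together as one script. This is an added example, not code from the book; it assumes an Exchange Management Shell session, and the mailbox name, DeviceId and notification address are placeholders.

```powershell
# Added example (not from the book): find a user's device by DeviceId, request the wipe,
# then read back the wipe timestamps. 'David Pelton', the DeviceId and the
# notification address below are placeholders; replace them with real values.

function Get-DeviceForWipe {
    param(
        [Parameter(Mandatory)] [string] $Mailbox,
        [Parameter(Mandatory)] [string] $DeviceId
    )
    # List every device partnered with the mailbox, then keep the one whose DeviceId matches.
    $devices = Get-MobileDeviceStatistics -Mailbox $Mailbox
    $match = @($devices | Where-Object { $_.DeviceId -eq $DeviceId })
    if ($match.Count -ne 1) {
        # Zero matches means a wrong DeviceId; refuse to guess rather than wipe the wrong device.
        throw "Expected exactly one device with DeviceId '$DeviceId' for $Mailbox, found $($match.Count)."
    }
    # Show model and carrier so the operator can confirm this is the lost device before wiping.
    $match[0] | Format-List DeviceId, DeviceModel, DeviceOperatorNetwork, LastSuccessSync | Out-Host
    return $match[0]
}

function Get-WipeStatus {
    param([Parameter(Mandatory)] $Device)
    # Query by the device's Identity (not by mailbox) to read the wipe timestamps.
    $s = Get-MobileDeviceStatistics -Identity $Device.Identity
    if ($s.DeviceWipeAckTime)         { $state = 'Acknowledged: device has started erasing its data' }
    elseif ($s.DeviceWipeSentTime)    { $state = 'Sent: device connected and received the command' }
    elseif ($s.DeviceWipeRequestTime) { $state = 'Pending: waiting for the device to connect' }
    else                              { $state = 'No wipe requested' }
    [pscustomobject]@{
        DeviceId     = $s.DeviceId
        Requested    = $s.DeviceWipeRequestTime
        Sent         = $s.DeviceWipeSentTime
        Acknowledged = $s.DeviceWipeAckTime
        State        = $state
    }
}

# Usage with placeholder values.
$dev = Get-DeviceForWipe -Mailbox 'David Pelton' -DeviceId 'PLACEHOLDER-DEVICEID'
# Clear-ActiveSyncDevice accepts the device object's Identity and prompts for confirmation
# (answer Y); -NotificationEmailAddresses sends mail once the device acknowledges the wipe.
Clear-ActiveSyncDevice -Identity $dev.Identity -NotificationEmailAddresses 'helpdesk@cpandl.com'
Get-WipeStatus -Device $dev
# If the request was a mistake and the device has not yet connected, cancel it:
# Clear-ActiveSyncDevice -Identity $dev.Identity -Cancel $true
```

Re-run Get-WipeStatus after the device's next sync; State moves from Pending to Sent to Acknowledged as the timestamps described above are populated.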