Mobility is a fact of modern IT life. Devices are mobile, users are mobile — and, most importantly, so is their data. That data mobility can create sleepless nights for diligent IT admins, and remote wiping of mobile devices is a critical feature of mobile device management for precisely this reason. Unfortunately there is often a delay between when a remote wipe becomes necessary and when IT is notified by the user of this fact. During this time the data stored on the device is exposed and vulnerable.
Empowering users to wipe their devices themselves is a great way to eliminate, or at least reduce, the “vulnerability gap” between when a remote wipe is needed and when it is performed. In an Exchange 2007/2010 or Office365 environment where Outlook Web Access and Exchange ActiveSync are enabled, the process is quick, easy, and safe. Train users to follow the instructions I’ve provided below, and they will have the knowledge needed to remove sensitive data from lost or stolen devices.
First, open an Internet browser such as Internet Explorer, navigate to the Outlook Web Access (OWA) URL, and log in.
Once logged in, the OWA Inbox will display. Click Options in the upper right, then click See All Options.
The account options screen will display.
On the left side of the screen, click Phone. The Phone options screen will display. Click Mobile Phones at the top. A list will appear of all mobile devices that have used Exchange ActiveSync to connect to this mailbox.
Find the device in the list, click once to highlight, and then click Wipe Device.
When prompted, click Yes to confirm you want to wipe the device. Note: Clicking Yes will initiate a remote wipe erasing all data on the device and returning it to an out of box state. Be sure this is your goal!
The screen will return to the Phone options, but the device will be listed with a status of Wipe Pending.
Wait a minute or two and then click the Refresh button, which looks like two arrows chasing each other in a circle. The status should change to Remote Device Wipe — if that’s what you see, then congratulations! However, if Wipe Pending is still displayed, wait a few minutes and click the refresh button again. Repeat this process as necessary until Remote Device Wipe Successful appears.
We’ve completed the most important step, and the device is wiped. However, to keep everything nice and neat it’s important to remove the device association from the mailbox. Simply click the Delete button, which looks like an X.
Click Yes to confirm deleting this mobile phone profile.
That’s it! The mobile device no longer appears in the list of associated devices for the account.
The next time the user checks e-mail, he or she will notice a confirmation message that the mobile device was wiped. It will also remind him or her to delete the device association if it hasn’t already been done.
In the mobile era, it’s often just a matter of time that someone’s device is lost or stolen. Teach users how to erase data from their own devices and the risk of compromised data diminishes. The above method is just one of many. Watch for more Petri articles in the future to learn other techniques.