Author: Enterprise Mobility Team
Subject: Registering BYOD devices
As Carol Burnett often said, “Seems we just get started, and before you know it…” We hope that you enjoyed this blog series (although there was no singing during its creation) and, more importantly, that you have seen some of the newest features of identity, mobile device management, virtualization, and Access and Information Protection. Perhaps you’ve even been inspired to try some of them out.
Just as our blog posts—and funny TV shows—wind down, so sometimes do the relationships among a device, a user, and the organization. People resign (or are asked to leave); projects change; and—unfortunately—devices are lost, stolen, and repurposed. Sometimes, they leave the authorized user’s hands (or the user leaves) without the IT department having had a chance to properly sanitize the corporate data.
An advantage of the Microsoft enterprise mobility capabilities is the ability to selectively wipe the corporate data from the client. Some devices support a complete wipe of the device, which is appropriate in some instances, but with the blend of personal and corporate information, organizations may not be authorized to fully wipe a device. This is particularly true if the device is returned to solely personal use.
The ability to selectively wipe a device is delivered through the Windows Intune Selective Wipe feature (or other Windows Encrypting File System application programming interface [API] management tools). How the data is actually wiped (at a technical level) varies by platform. In every case, the information becomes inaccessible; whenever possible, it is also removed.
If you use Windows Intune, you can invoke Selective Wipe through the Intune interface, but because Selective Wipe is API-based, developers can call the API directly. An increasing number of apps that store or synchronize data on a client device, such as Work Folders and the Windows Store Mail app, are using Selective Wipe. For an overview of Selective Wipe, see Windows Selective Wipe for Device Data Management.
For Work Folders, all you have to do to selectively wipe the organization’s data from the device is to remove the device from management. That’s it.