How to Perform a Remote Hard Reset on an iPhone
Securing data on mobile devices is important for companies, and iPhones are no exception.
If corporate data is accessed through applications or local storage on devices that do not comply with corporate policies, sensitive data can fall into the wrong hands. This is of particular concern for mobile devices, which are generally easier to lose than other endpoints. In BYOD or COPE scenarios, these devices may also contain personal data, which makes securing them even more difficult. IT should be able to remotely wipe company data when a user leaves the company or their device is lost or stolen.
However, the procedure for remotely wiping a device varies between mobile platforms. In organizations that allow iPhones to be used as work tools, IT administrators should be aware of options for resetting these devices.
Reset options for managed iPhones
When employee devices are managed with mobile device management (MDM) software, there are several ways to reset an iPhone remotely. These options are the same for Android devices and almost all other platforms. Only the name of the method differs by platform, and sometimes by the vendor of the MDM tool. For iOS and macOS devices, administrators can choose between a hard reset (full wipe) and a selective wipe. For devices managed with Microsoft Intune, the options are instead named Wipe and Retire. Regardless of the name used, the results are often the same. The operations have the following effects:
- Full reset. This operation restores the iPhone to its factory settings, removing all user accounts, data, and MDM policies and settings. Be careful with this action because it cannot be undone. In Microsoft Intune, it is simply referred to as Wipe.
- Selective deletion. This option clears only managed app data, policies, and MDM settings by removing the management profile from the iPhone. Personal data is not affected by selective deletion. In Microsoft Intune, this is called Retire.
Reset options based on iPhone registration
The availability of different reset or erase options depends on the type of iPhone registration. The MDM vendor may not have the necessary permissions to perform a full wipe, as the enrollment option is often tied to device ownership.
On a personal iPhone, the user must install the MDM provider's management software to enroll the device, and makes certain decisions during enrollment. To begin with, they can mark the device as personal property or company property. In addition, they choose whether the MDM tool will protect the entire device or just corporate data and applications. An IT admin can perform a hard reset on a device that is fully protected.
However, if the user has Activation Lock enabled, it will be more difficult for an administrator to perform this reset. When the device is locked to the user’s personal Apple ID, it will be difficult to reactivate the iPhone. This is one of the reasons companies use Automated Device Enrollment (ADE), which is part of Apple Business Manager for corporate iPhones. In addition, ADE provides a positive user experience from the start.
Getting started with ADE is simple. Enrollment is based on Apple's Setup Assistant and ensures proper device management. The most common enrollment options for iPhones are User Enrollment for personal devices and ADE for corporate devices (Figure 1). The latter can also distinguish between iPhones with or without user affinity. Devices without user affinity are usually shared. It is often technically possible to perform a selective wipe on these devices, but this option may not make the most sense in such situations.
How to remotely erase an iPhone with Microsoft Intune
With most MDM vendors and most device platforms, the steps required to remotely wipe a device are fairly straightforward. Using Microsoft Intune as an example, administrators can remotely reset an iPhone as follows:
- Open the Microsoft Endpoint Manager portal and sign in to an account with the required permissions. Go to Devices > iOS/iPadOS > iOS/iPadOS devices.
- In Microsoft Intune, a user performing a remote wipe or retire operation must have at least the Retire and Wipe permissions listed in the Remote tasks category.
- On the iOS/iPadOS devices page, select the desired iOS device and click Wipe or Retire, depending on the options available for the iPhone in question and the desired outcome (Figure 2).
- Before proceeding, make sure you understand the results described in the confirmation dialog box (Figure 3).
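The full reset and selective deletion described above correspond to the `wipe` and `retire` actions on a managed device in Microsoft Graph. The following is an added example, not part of the original article or of Microsoft's tooling: it picks the action from the device's ownership and defaults to a dry run. The policy (personal devices are only ever retired), the function names and the device records are assumptions constructed for illustration.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"

# Constructed sample records using Graph managedDevice property names.
SAMPLE_DEVICES = [
    {"id": "00000000-0000-0000-0000-000000000001", "operatingSystem": "iOS",
     "managedDeviceOwnerType": "company"},
    {"id": "00000000-0000-0000-0000-000000000002", "operatingSystem": "iOS",
     "managedDeviceOwnerType": "personal"},
]

def choose_action(device, want_full_wipe):
    """Return 'wipe' or 'retire', or raise if the assumed policy forbids it."""
    if device.get("operatingSystem", "").lower() not in ("ios", "ipados"):
        raise ValueError("not an iOS/iPadOS device")
    owner = device.get("managedDeviceOwnerType", "unknown")
    if owner == "company":
        return "wipe" if want_full_wipe else "retire"
    if owner == "personal":
        # Assumed policy: personal data on a BYOD device is never erased.
        if want_full_wipe:
            raise PermissionError("full wipe refused on a personal device")
        return "retire"
    raise ValueError("unknown ownership; resolve it before any remote action")

def build_request(device, want_full_wipe, token):
    """Build (but do not send) the Graph request for the chosen action."""
    action = choose_action(device, want_full_wipe)
    # A full wipe keeps neither enrollment nor user data; retire takes no body.
    body = {"keepEnrollmentData": False, "keepUserData": False}
    data = json.dumps(body).encode() if action == "wipe" else b""
    return urllib.request.Request(
        f"{GRAPH}/{device['id']}/{action}", data=data, method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def remote_reset(device, want_full_wipe, token, confirm=False):
    """Dry run unless confirm=True, because a full wipe cannot be undone."""
    req = build_request(device, want_full_wipe, token)
    if not confirm:
        return f"DRY RUN: POST {req.full_url}"
    with urllib.request.urlopen(req) as resp:  # Graph answers 204 on success
        return f"HTTP {resp.status}"
```

The calling account still needs the Intune permissions for these remote tasks, and the token must be obtained separately.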