How to remote wipe a mobile device Exchange Online account

Case

You need to perform a remote wipe of either the entire mobile device apps and files or of the Exchange Online ActiveSync account only. This is useful in cases when a certain mobile device is lost and sensitive data which is stored in local storage in the mobile device are at risk.

Solution

The following options are available out of the box in Exchange Online ActiveSync for remote data wipe:

  • Wipe Data remote wipe.
  • Account Only Remote Wipe Device remote wipe.

There are important differences between how Outlook responds and how native mail apps on iOS and Android respond to these different wipe commands. Outlook for iOS and Outlook for Android support only the Wipe Data command, which wipes only data within Outlook. The Outlook app will reset and all Outlook email, calendar, contacts, and file data will be removed, but no other data is wiped from the device. The Account Only Remote Wipe Device command is therefore redundant and is not supported by Outlook for iOS or Android. However, if a native iOS or Android mail app is connected to Exchange and receives a Wipe Data command from Exchange ActiveSync, all data on the device will be wiped, including photos, personal files, and so on. If a native iOS or Android mail app is connected to Exchange and receives an Account Only Remote Wipe Device command from Exchange ActiveSync, only the native mail app’s Exchange ActiveSync mail, calendar, and account data are wiped.

Based on the above behavior and rationale, it is important to first know what time of mobile client agent version a specific user is making use before issuing the remote wipe command.

In order to retrieve a list of ActiveSync enabled mobile devices for a mailbox follow the process below.

  1. Download and install the Powershell Exchange Online V2 module from https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.3. Always look for the latest version. Install and import by running following cmdlets.
    Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3
    Import-Module ExchangeOnlineManagement
  2. Run the following cmdlets if connecting via Moderm Authentication without MFA.
    $UserCredential = Get-Credential
    Connect-ExchangeOnline -Credential $UserCredential -ShowProgress $true
  3. Run the following cmdlets if connecting via Azure MFA.
    Connect-ExchangeOnline -UserPrincipalName [email protected] -ShowProgress $true
  4. After having connected to the Exchange Online service run the following cmdlet to receive all details about the mobile devices assosiated with a certain mailbox.
    Get-EXOMobileDeviceStatistics -mailbox [email protected]
    Look for the DeviceUserAgent property which is returned by the above cmdlet. If Outlook Mobile it will read “Outlook *” . If native mobile app is running it will not mention the word Outlook.
  5. Close the Exchange Online Powershell connection when done.
    Disconnect-ExchangeOnline

Please note that if you are making use of Microsoft Intune for mobile device management, you should be using Intune for the remote wipe actions and not the Exchange Online management console.

Now that you are aware of the mobile email client version which your affected users are running in their mobile devices and in order to perform a remote wipe of a mobile device, in the classic Exchange Online Admin Center navigate to the Recipients –> Mailboxes page and select the mailbox in question. On the right side pane under the “Mobile devices” section click on “View Details”.

In the details page you can edit the mobile devices of the selected Exchange Online mailbox and perform remote wipe actions. These are available under the “Wipe Data” icon.

When you use the Exchange admin center to issue an account-only wipe, the message in the confirmation prompt is the following. It will erase the mobile account only when the mobile device next connects to exchange online.

Sources

https://docs.microsoft.com/en-us/exchange/clients/exchange-activesync/remote-wipe?view=exchserver-2019&viewFallbackFrom=exchserver-online

Was this article helpful?

Related Articles