In this post, you will learn how to selectively wipe corporate data from Intune managed apps. To selectively remove company app data, create a wipe request by using this guide.
Why do you need to wipe company data? When a device is lost or stolen, or if the employee leaves, you want to make sure company app data is removed from the managed device. You can initiate a wipe request for the apps. After the request is finished, the next time the app runs on the device, company data is removed from the app.
You can also configure a selective wipe of your company data as a new action when the conditions of Application Protection Policies access settings are not met. This feature helps you automatically protect and remove sensitive company data from applications based on pre-configured criteria.
Conditional launch actions within Intune app protection policies provide organizations the ability to block access or wipe org data when certain device or app conditions are not met.
The iOS/iPadOS, Android, and Windows platforms are the only platforms currently supported for wiping corporate data from Intune managed apps.
Selective Wipe Corporate Data
Create Device Based Wipe Request
Let’s see how you can initiate a selective wipe. The selective wipe can be performed as part of the Conditional. You can either go through the App protection policy or manually initiate a wipe request.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
- Select Apps > App selective wipe > Create wipe request. The Create wipe request pane is displayed.
- Click Select user, choose the user whose app data you want to wipe, and click Select at the bottom of the Select user pane.
- Click Select the device, choose the device, and click Select at the bottom of the Select Device pane.
- Click Create to make a wipe request.
The service creates and tracks a separate wipe request for each protected app on the device and the user associated with the wipe request.
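One way to script the device-based wipe request above through Microsoft Graph instead of the portal (an added example, not code from the original post). It assumes the Microsoft.Graph.Authentication PowerShell module is installed and that the device picked in the portal corresponds to the `deviceTag` of the user's managed app registrations; the parameter names are hypothetical.

```powershell
# Added example (not from the original post). Assumes Microsoft.Graph.Authentication
# is installed and the operator may consent to DeviceManagementApps.ReadWrite.All.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,  # user whose app data is wiped
    [string] $DeviceTag                                  # omit to only list registrations
)

Connect-MgGraph -Scopes 'DeviceManagementApps.ReadWrite.All' | Out-Null
$base = 'https://graph.microsoft.com/v1.0/users/' + [uri]::EscapeDataString($UserPrincipalName)

# Collect every managed app registration for the user, following paging links.
$regs = @()
$uri  = "$base/managedAppRegistrations"
while ($uri) {
    $page  = Invoke-MgGraphRequest -Method GET -Uri $uri
    $regs += $page.value
    $uri   = $page.'@odata.nextLink'
}

if (-not $DeviceTag) {
    # Review mode: one row per device tag, with the protected apps registered on it.
    $regs | Group-Object { $_.deviceTag } | ForEach-Object {
        [pscustomobject]@{
            DeviceTag  = $_.Name
            DeviceName = $_.Group[0].deviceName
            LastSync   = $_.Group | ForEach-Object { $_.lastSyncDateTime } |
                             Sort-Object | Select-Object -Last 1
            # bundleId is set for iOS/iPadOS apps, packageId for Android apps.
            Apps       = ($_.Group | ForEach-Object {
                             if ($_.appIdentifier.bundleId) { $_.appIdentifier.bundleId }
                             else { $_.appIdentifier.packageId } }) -join ', '
        }
    }
    return
}

# Refuse to send a wipe for a tag that is not registered to this user.
$targets = @($regs | Where-Object { $_.deviceTag -eq $DeviceTag })
if ($targets.Count -eq 0) {
    throw "No managed app registration for $UserPrincipalName has device tag '$DeviceTag'."
}
if ($PSCmdlet.ShouldProcess("$UserPrincipalName / $DeviceTag",
        "Wipe org data from $($targets.Count) managed app(s)")) {
    $body = @{ deviceTag = $DeviceTag } | ConvertTo-Json
    Invoke-MgGraphRequest -Method POST -Uri "$base/wipeManagedAppRegistrationsByDeviceTag" `
        -Body $body -ContentType 'application/json'
    Write-Output 'Wipe requested; each app removes company data the next time it runs.'
}
```

Run it once without `-DeviceTag` to review the registrations, then again with the tag to send the request; `-WhatIf` shows what would be wiped without calling the wipe action.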
Create User Based Wipe Request
By adding a user to the User-level wipe, you will automatically issue wipe commands to all apps on all the user’s devices. The user will continue to get wipe commands at every check-in from all devices. To re-enable a user, you must remove them from the list.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
- Select Apps > App selective wipe > User-Level Wipe. Click Add, and the Select user pane is displayed.
- Choose the user whose app data you would like to wipe and click Select.
Selectively Wipe Corporate Data using Intune App Protection Policy
Let’s check how to enable Intune App Protection Policies for Android and iOS devices. Here’s how you can also edit the existing app protection policy using conditional launch actions.
You can explicitly choose to wipe your company’s corporate data from the end user’s device as an action to take for non-compliance by using these settings.
- In the Intune admin portal, select Apps > App protection policies.
- Click Create policy and select the platform of the device for your policy or edit the existing policy from the list.
- Click Configure required settings to see the list of settings available to be configured for the policy.
By default, the table has populated rows for the Offline grace period and Max PIN attempts settings, if the Require PIN for access setting is set to Yes. You can configure the following actions for Offline grace period:
- Block access (Minutes) – Block the end user from accessing the corporate app.
- Wipe data (Days) – Wipe the corporate data from the end user’s device.
Author
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.