Selective Wipe Corporate Data from Intune Managed Apps

In this post, you will learn about selective wipe corporate data from Intune Managed Apps. To selectively remove company app data, create a wipe request by using this guide.

Why do you need to wipe company data? When a device is lost or stolen, or if the employee leaves, you want to make sure company app data is removed from the managed device. You can initiate a wipe request for the apps, After the request is finished, the next time the app runs on the device, company data is removed from the app.

You can also configure a selective wipe of your company data as a new action when the conditions of Application Protection Policies access settings are not met. This feature helps you automatically protect and remove sensitive company data from applications based on pre-configured criteria.

Conditional launch actions within Intune app protection policies provide organizations the ability to block access or wipe org data when certain device or app conditions are not met.

Patch My PC
[sibwp_form id=2]

The iOS/iPadOS, Android, and Windows platforms are the only platforms currently supported for wiping corporate data from Intune managed apps.

Selective Wipe Corporate Data Create Device Based Wipe Request

Let’s see how you can initiate a selective wipe. The selective wipe can be performed as part of the Conditional. You can either go through the App protection policy or manually initiate a wipe request.

  • Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
  • Select Apps > App selective wipe > Create wipe request. The Create wipe request pane is displayed.
Selective Wipe Corporate Data from Intune Managed Apps Fig.1
Selective Wipe Corporate Data from Intune Managed Apps Fig.1

Click Select user, choose the user whose app data you want to wipe, and click Select at the bottom of the Select user pane.

Selective Wipe Corporate Data from Intune Managed Apps Fig.2
Selective Wipe Corporate Data from Intune Managed Apps Fig.2

Click Select the device, choose the device, and click Select at the bottom of the Select Device pane. Click Create to make a wipe request.

Adaptiva
Selective Wipe Corporate Data from Intune Managed Apps Fig.3
Selective Wipe Corporate Data from Intune Managed Apps Fig.3

The service creates and tracks a separate wipe request for each protected app on the device and the user associated with the wipe request.

Selective Wipe Corporate Data from Intune Managed Apps Fig.4
Selective Wipe Corporate Data from Intune Managed Apps Fig.4

Create User Based Wipe Request

By adding a user to the User-level wipe, you will automatically issue wipe commands to all apps on all the user’s devices. The user will continue to get wipe commands at every check-in from all devices. To re-enable a user, you must remove them from the list.

  • Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/
  • Select Apps > App selective wipe > User-Level Wipe. Click Add and Select user pane are displayed.
  • Chose the user whose app data you would like to wipe and click Select.
Selective Wipe Corporate Data from Intune Managed Apps Fig.5
Selective Wipe Corporate Data from Intune Managed Apps Fig.5

Selectively Wipe Corporate Data using Intune App Protection Policy

Let’s check how to enable Intune App Protection Policies for Android and iOS devices. Here’s how you can also edit the existing app protection policy using conditional launch actions.

You can explicitly choose to wipe your company’s corporate data from the end user’s device as an action to take for non-compliance by using these settings.

  • In Intune Admin Portal. Select Apps > App protection Policies.
  • Click Create policy and select the platform of the device for your policy or edit the existing policy from the list.
  • Click Configure required settings to see the list of settings available to be configured for the policy.

By default, the table will have populated rows as settings configured for Offline grace period, and Max PIN attempts, if the Require PIN for access setting is set to Yes. The following list of actions, you can configure for Offline grace period.

  • Block access (Minutes) – Block the end user from accessing the corporate app.
  • Wipe data (Days) – Wipe the corporate data from the end user’s device.
Selectively Wipe Corporate Data using Intune App Protection Policy Fig.6
Selectively Wipe Corporate Data using Intune App Protection Policy Fig.6

Author

About Author – JiteshMicrosoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.