VMware Workspace ONE Community
Boe_K
Enthusiast
Enthusiast
‎07-02-2019 07:51 AM

Device Wipe via Compliance Policy

Hello when I look at the current compliance policy options I see Enterprise Wipe which works great for BYOD devices but I would like to enable some compliance policies for my DEP based devices and have them do a full Device Wipe so they are back at the initial enrollment screen when they don't meet a specific criteria.
Labels (1)
Labels
0 Kudos
3 Replies
AbrahamSanchez
Contributor
Contributor
‎07-02-2019 08:10 AM

Boe,
You may want to test this first.  It's been a while but I believe an Enterprise Wipe on a DEP device will brick the device.   Device wipe I believe is the correct way for DEP.  I am sure others will chime in. 
0 Kudos
Boe_K
Enthusiast
Enthusiast
‎07-02-2019 08:49 AM

Thanks Abraham I've actually done both never had an issue with either. My problem is ' Device Wipe'  is not in the drop down of options when creating a complaisance policy so my only option if I enable it is ' Enterprise Wipe'  but once that happens the user loses all the work data but then has pretty much free reign over the device. I wan't ' Device Wipe'  enabled so that the device reboots and is back at the initial login screen so they can't do anything until they re-enroll which in return would force down all the restrictions again.

Main reason I want this is to ensure that our Passcode Policy is fully enforced as of right now they get a pop up to set one and if they don't they get an email saying they have 7 days to fix the issue. If they don't set it up after that I want the device to wipe. If a user has that happen a time or two they will quit ignoring the prompt and setup the passcode as they are suppose too 🙂
0 Kudos
LukeDC
Expert
Expert
‎07-02-2019 10:55 AM

Hey folks! An enterprise wiped DEP device just removes the MDM profile, even if it's supposed to be locked in place. My feeling has always been that no one wants to implement a policy that could potentially wipe an entire fleet out by mistake. I've had other MDM's do this by the way and it wasn't fun!

Here is something equally painful to do to devices. Create a single app profile that locks the device to the Hub. Apply that as a compliance policy based on your criteria.  They will have to contact you to get the device working again, so it's less destructive and just as annoying lol.
0 Kudos