Hi All - We have only iOS devices so this would be iOS specific. If a staff member loses a device or it is stolen, what is the best practices for handling the device? All of our devices have passcodes so they are automatically encrypted. Best practices typically say to enterprise wipe the phone but what if I can put it in lost mode to display a message to the user AND gain the location of the device? The phone is locked and allows the user to call the number listed on the phone but if it were enterprise wiped, that isn't possible. All of our devices are 100% DEP so the device is pretty useless to the thief unless they sell it to someone who is unsuspecting. To add, enterprise wiping the device pretty much opens up the device to the thief unless they factory wiped it. This seems like the worst way of handling it but seems to be the best practice for HIPAA and other controls.
Also, one thing that I noticed. We have disabled automatically enable/disable users in AirWatch when they are deactivated in AD....why?... Because I remember years ago when a user would have a phone, then would be fired, and the phone would enterprise wipe. This prevented us from displaying the message mentioned above and also disabled us from capturing the location of the device. Did AirWatch fix this with... Devices and Users - General - Enrollment - Grouping ' Default Action for Inactive Users' set to disabling enrollment on other devices? I am scared to turn this on.
Thanks!