Removing corporate data from BYOD devicesSolved

Participant
Discussion
2 years ago

Our employees will be using personal mobile devices for work for a short time until we can get corporate owned devices to them. We need to wipe all corporate data from these personal devices once company assets reach them, this is pretty straightforward with Android work profiles since they are wiped automatically when removed.

Any tips on how to do this with iOS? We need to ensure corporate resources aren’t accessible after removing a profile or disenrolling the device.

FYI these are personal devices and not supervised…

Replies (3)

Marked SolutionPending Review
Participant
2 years ago
Marked SolutionPending Review

We do have a corporate data wipe option on iOS: https://www.hexnode.com/mobile-device-management/help/wipe-corporate-data-from-a-device-using-hexnode-mdm/

Disenrolling a device will remove all data associated with the device from your Hexnode MDM portal, and you won’t be able to access it again.

You should be using Business Containerisation and Managed Domains on your devices which further separates corporate resources from personal data.

Marked SolutionPending Review
Participant
2 years ago
Marked SolutionPending Review

I have got some references for you:

You can configure your apps in certain ways on BYOD devices to prevent loss of sensitive corporate data, for example, For Mandatory apps in iOS, you can enable the option to Remove the apps from the device on policy removal.

You can choose to install apps as in house apps on your iOS devices. With this you’ll have the option to prevent backups and automatically remove the app on disenroll.

https://www.hexnode.com/mobile-device-management/help/apple-mdm-app-distribution/

Removing the apps using the Uninstall Application action in Device Actions will require permission from the user for unsupervised devices.

https://www.hexnode.com/mobile-device-management/help/remove-ios-apps-from-devices-using-hexnode-mdm/#remove-apps-from-devices-via-uninstall-application-action

Even if the Mail and other accounts are configured through a policy, accounts will be removed when the profile is removed. You could use restrictions to further prevent syncing managed app data with the cloud.

https://www.hexnode.com/mobile-device-management/help/set-up-ios-mdm-restrictions-using-hexnode-mdm/#configuring-ios-device-restrictions-via-mdm-policy

Marked SolutionPending Review
Participant
2 years ago
Marked SolutionPending Review

Need to test these out, thanks for the info