Question

I connected to my employer's Exchange server in order to receive email, calendar, etc. In the small print of the instructions, it was mentioned that by doing that, the administrators gain the right to remotely wipe my phone. Note that I own the phone - not the employer.

There are several documents on the internet that provide instructions (while not mentioning iPhone specifically, but rather generic "phone").

Is remote wipe actually possible with an iPhone just by connecting to an employer's Exchange server?


Solution

Yes, depending on how things are configured, your employer may be able to wipe your device. The ability to wipe only the Exchange account data was added later as an optional wipe mode.

From another TechNet article:

Your users carry sensitive corporate information in their pockets every day. If one of them loses their mobile phone, your data can end up in the hands of another person. If one of your users loses their mobile phone, you can use the Exchange admin center (EAC) or the Exchange Management Shell to wipe their phone clean of all corporate and user information. (emphasis added)

In other words, the phone is not "completely erased" -- but all user data is destroyed. I believe this is accomplished on iOS by throwing away the encryption key. The operating system remains, but all user data is gone.

For example:

In June of 2016 Microsoft announced an update to the Exchange ActiveSync protocol which they called EAS 16.1. Among the improvements in EAS 16.1 was the addition of account-only remote wipes, which allows an administrator to issue a remote wipe for only the Exchange mailbox data on a mobile device. Previously, a remote wipe for an ActiveSync device would wipe the entire device if the user was using a native mail application to connect from the device.

OTHER TIPS

In most cases, the answer is yes. The iOS device running iOS 10+ can be completely erased if a corporate Exchange account resides on the device.

In the latest version of 2016 Exchange Server on-premises, by default, there are 2 versions of remote wipe that can take place. The first only removes the Exchange account, and the second is a complete wipe, meaning the complete wipe functions exactly like using the built-in iOS Settings, General, "Erase All Content and Settings" function.

There is no prompt on the Exchange admin end to enter any Apple ID password, nor passcode...

If you're allowing your personal iOS device to connect to your company's Exchange Services, please read the use agreement carefully before you sign.

If you keep local backups in iTunes, you will be able to restore your iOS from a backup.

I just initiated a test of remote wipe as of this writing, so this info is timely.
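For administrators on the other side of this question, the account-only wipe mentioned in both answers above can be requested from the Exchange Management Shell in a way that never falls back to a full-device wipe on a personally owned phone. This is an added example, not part of either answer: `Invoke-AccountOnlyWipe` is a hypothetical helper, `user@example.com` is a constructed address, and the code assumes the `ClientVersion` reported by `Get-MobileDevice` reflects the device's EAS protocol version.

```powershell
# Added example; run by an administrator in the Exchange Management Shell.
# Invoke-AccountOnlyWipe is a hypothetical helper, not an Exchange cmdlet.
function Invoke-AccountOnlyWipe {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,  # mailbox whose devices are examined
        [string]$NotifyAddress                           # optional address for the wipe confirmation mail
    )

    # EAS 16.1 is the protocol version that introduced account-only wipe.
    $minVersion = [version]'16.1'

    foreach ($device in Get-MobileDevice -Mailbox $Mailbox) {
        $eas = $null
        $parsed = [version]::TryParse([string]$device.ClientVersion, [ref]$eas)

        # Older clients cannot honour an account-only request, so skip them
        # instead of escalating to a wipe of the whole (personal) device.
        if (-not $parsed -or $eas -lt $minVersion) {
            Write-Warning ("{0}: EAS version '{1}' predates 16.1, skipped." -f $device.FriendlyName, $device.ClientVersion)
            continue
        }

        if ($PSCmdlet.ShouldProcess("$($device.Identity)", 'Account-only remote wipe')) {
            $wipe = @{ Identity = "$($device.Identity)"; AccountOnly = $true; Confirm = $false }
            if ($NotifyAddress) { $wipe.NotificationEmailAddresses = $NotifyAddress }
            Clear-MobileDevice @wipe
        }
    }

    # Read-only report: show every wipe-related timestamp Exchange holds per device.
    Get-MobileDevice -Mailbox $Mailbox | ForEach-Object {
        Get-MobileDeviceStatistics -Identity "$($_.Identity)" |
            Select-Object DeviceFriendlyName, *Wipe*
    }
}

# Dry run against a constructed mailbox: -WhatIf lists what would be wiped without sending anything.
Invoke-AccountOnlyWipe -Mailbox 'user@example.com' -WhatIf
```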

Licensed under: CC-BY-SA with attribution
Not affiliated with apple.stackexchange