We help IT Professionals succeed at work.

Disable remote wipe capability in Exchange 2019

Tyler Brooks
Tyler Brooks asked
on
I'm configuring an Exchange 2019 server for a client and the business owner saw the permission request for mobile device wipe when setting up the email on his phone. He is now insisting that he doesn't want his phone to be able to be wiped from the server. I've emphasized to him that this has been a feature of Exchange since at least 2010, and that it's an important security feature but he is adamant.

As far as I'm aware there isn't anyway to actually prevent the server from being able to do this short of having him connect IMAP which I don't want to even bring up.

Am I correct in this or is there something I've overlooked?
Comment
Watch Question

Saif ShaikhServer engineer

Commented:
Use Exchange Online PowerShell to wipe a user's phone
You can use the Clear-MobileDevice cmdlet in Exchange Online PowerShell to wipe a user's phone.

The following command wipes the device named WM_TonySmith and sends a confirmation message to admin@contoso.com.

PowerShell

Clear-MobileDevice -Identity WM_TonySmith -NotificationEmailAddresses "admin@contoso.com"


OR you can use ECP to do the wipe.

Select the user mailbox and click on ‘View details’.

You will be seeing the devices the user has used to connect through ActiveSync protocol. Select the device and click on details to find out more information about the device including last sync date and time. This will be helpful to find out which devices are being used by user currently to access corporate emails.

To wipe a device such as smartphone iPhone or Android or tablet like iPad and Samsung Android tablet, select the device and click Wipe option.

Remember: This normal wipe from Exchange 2013/2016 control panel will wipe the entire phone/tablet and reset the device to factory default. This is not a selective wipe to erase only company data. It will erase company data/emails and also all the other personal data on the phone to reset factory defaults.

The wipe will be initiated once the device tries to connect mail server. As the warning message says, it will erase the all data on the phone/tablet.
Tyler BrooksNetwork & Systems Administrator

Author

Commented:
Saif, I'm trying to disable the capability to wipe the phone from the server. I know how to do it for clients who want it, what I'm asking is how do I prevent the server from being able to wipe users phones?
Saif ShaikhServer engineer

Commented:
I don't think the server does it on it';s own.
Tyler BrooksNetwork & Systems Administrator

Author

Commented:
Sorry I mis-spoke, I don't want an Exchange admin on the server to be able to wipe users phones.
Network & Systems Administrator
Commented:
Based on my research I'm confident in saying there isn't a way to do what the client wanted so I've simply told him that.
Saif ShaikhServer engineer

Commented:
Ok Well that fines. Education is always necessary cause at times people try to change the DESIGN.