I'm configuring an Exchange 2019 server for a client and the business owner saw the permission request for mobile device wipe when setting up the email on his phone. He is now insisting that he doesn't want his phone to be able to be wiped from the server. I've emphasized to him that this has been a feature of Exchange since at least 2010, and that it's an important security feature but he is adamant.
As far as I'm aware there isn't anyway to actually prevent the server from being able to do this short of having him connect IMAP which I don't want to even bring up.
Am I correct in this or is there something I've overlooked?
You can use the Clear-MobileDevice cmdlet in Exchange Online PowerShell to wipe a user's phone.
The following command wipes the device named WM_TonySmith and sends a confirmation message to email@example.com.
Clear-MobileDevice -Identity WM_TonySmith -NotificationEmailAddresse
OR you can use ECP to do the wipe.
Select the user mailbox and click on ‘View details’.
You will be seeing the devices the user has used to connect through ActiveSync protocol. Select the device and click on details to find out more information about the device including last sync date and time. This will be helpful to find out which devices are being used by user currently to access corporate emails.
To wipe a device such as smartphone iPhone or Android or tablet like iPad and Samsung Android tablet, select the device and click Wipe option.
Remember: This normal wipe from Exchange 2013/2016 control panel will wipe the entire phone/tablet and reset the device to factory default. This is not a selective wipe to erase only company data. It will erase company data/emails and also all the other personal data on the phone to reset factory defaults.
The wipe will be initiated once the device tries to connect mail server. As the warning message says, it will erase the all data on the phone/tablet.