One of the most important reasons to properly manage Android devices within an organization is to protect corporate data.
Organizations can require any Android devices that employees use for work purposes to comply with company policies before gaining access to corporate data. After allowing access, organizations can still control the corporate data and remotely wipe it from the Android devices.
When an Android device is stolen or lost, an IT administrator can trigger a remote wipe to make sure that the corporate data doesn't get into the wrong hands. A remote wipe can also be useful in BYOD scenarios. For example, when an employee decides to leave the organization and should no longer have access to corporate data, IT can wipe any corporate data from the BYOD Android smartphone while leaving personal data intact.
For IT admins that use mobile device management (MDM) to manage employee devices, there are two different options for wiping an Android device. Admins can choose to either wipe a device or wipe an account. These options are also referred to as a full wipe and a selective wipe, respectively. When managing devices in Microsoft Intune specifically, admins will see these options as a wipe and a retire. While the naming varies between platforms, the two methods each have consistent outcomes. The options achieve the following results:
Besides the different wipe options for Android devices, most MDM vendors also provide wipe options for managed apps on Android devices. In Microsoft Intune, there are managed apps that support multiple identities. If admins wipe the corporate data from those managed apps, the action will not affect any personal data in the same app. This method is especially useful for personal Android devices.
The availability of the different wipe options for Android devices depends on the MDM provider, as well as the management privileges on the device. With Android smartphones, users can have either profile owner permissions or device owner permissions on the device. Those permissions are mainly related to the ownership of the Android device and the type of management it is under.
On a personally owned Android device, the user must install the management app of the MDM provider and enroll the Android device. After enrollment, the management app creates a separate work profile on the Android device. That provides the organization with profile owner permissions within the work profile.
On corporate-owned Android devices, the device is enrolled into the MDM provider during the out-of-box experience. For most management types, this provides the organization with device owner permissions on the Android device. However, there is one exception: corporate-owned Android devices with Work Profile. In this case, the organization has profile owner permissions plus a bit more on the Android device. From a wipe perspective, the effect is the same as for all corporate-owned Android device management types.
The following management types are most common for Android devices:
Depending on the management type and ownership situation, there are different available wipe options (Figure 1).
IT admins can perform a remote wipe of an Android device through the organization's MDM provider. For most MDM providers, the process is relatively easy to carry out. Using Microsoft Intune as this example, admins can remotely wipe an Android device by following these steps:
1. Open the Microsoft Endpoint Manager portal, sign in with an account with the required permissions and navigate to Devices > Android > Android devices.
The user performing the remote wipe or remote retire action in Microsoft Intune needs at least the Wipe and Retire permissions that are available within the Remote tasks category.
2. On the Android | Android devices page, select the specific Android device and click on Wipe or Retire, depending on the management type of the Android device (Figure 2).
3. On the confirmation dialog box, make sure to be familiar with the impact of the remote action before clicking to continue (Figure 3).
Additionally, most MDM vendors provide methods for further automating this process in specific situations. In Microsoft Intune, there is the option to automatically retire an Android device when it doesn't comply with company policies. When the device is not compliant, Microsoft Intune adds it to a list with noncompliant devices in the portal. IT administrators can go through that list and either retire a specific device on it or retire all the devices on it.
Part of: Remote wipes for mobile devices
Employees like having email and other Office 365 applications on their smartphones. There are security risks that come with mobile devices accessing corporate data, however.
A remote wipe is a vital security tool as mobile devices become more common in the workplace. In organizations allowing work data on iPhones, IT should know the iOS wipe options.
When a device is lost or no longer needed for work purposes, a remote wipe can keep corporate data secure. This is a vital safeguard for mobile Android devices in the workplace.
Cisco ThousandEyes general manager Mohit Lad aims to have the internet monitor adapt to changes in the WAN without human ...
Despite bandwidth calculations and capacity planning, networks often fail to consume bandwidth efficiently. Here are some tips to...
Juniper has added three features to its AIOps networking assistant to improve troubleshooting and give more insights into the ...
The contact center-as-a-service market is ripe for growth as businesses move to the cloud. That's inviting a new crop of vendors ...
Remote and hybrid workers will use a Microsoft Viva app to share and react to posts and build relationships with other employees.
Meta will eventually let companies create and manage accounts for its virtual reality headsets. The move is part of a push to ...
To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your ...
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group ...
A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling ...
All Rights Reserved, Copyright 2003 - 2022, TechTarget Privacy Policy Cookie Preferences Do Not Sell My Personal Info