As businesses increasingly embrace Bring Your Own Device (BYOD) policies, the line between personal and professional device use becomes blurred. With this integration comes the critical need for robust mobile device management (MDM) solutions.

Microsoft Intune works as a powerful MDM tool that many businesses leverage to secure and manage devices accessing corporate data. A common question arises in this context: “Can Intune wipe a personal device?”

Understanding Intune’s Capabilities

Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It allows businesses to control how their devices, including personal devices, are used.

Intune ensures that devices and apps are compliant with your company’s security requirements, providing a level of control over corporate data without infringing too deeply on personal privacy.

Wiping a Device: Full vs. Selective Wipe

Full Wipe

A full wipe restores a device to its original state, erasing all data, apps, and settings. This action is typically reserved for corporate-owned devices that are lost, stolen, or decommissioned.

For personal devices enrolled in a BYOD program, a full wipe is not the default action due to privacy concerns and potential legal implications.

Selective Wipe

Intune offers a more nuanced approach for personal devices through selective wipe. A selective wipe removes only corporate data and apps that are managed by Intune, leaving personal data, apps, and settings intact. This approach ensures that while corporate data is protected, the end user’s personal information remains unaffected.

How Selective Wipe Works

When a personal device is enrolled in Intune, it distinguishes between corporate and personal data using policies and configurations. If an employee leaves the company or if the device is lost, an administrator can initiate a selective wipe through the Intune console. This action will:

  • 1

    Remove company email profiles and data.

  • 2

    Uninstall managed apps and their associated data.

  • 3

    Revoke access to corporate resources such as Wi-Fi and VPN settings configured by Intune.

  • 4

    Delete any company data stored in apps that support Intune’s app protection policies.

By performing a selective wipe, businesses ensure their sensitive information is not compromised while respecting the user’s personal data and privacy.

Privacy Considerations

Intune’s ability to differentiate between corporate and personal data is key to maintaining trust in a BYOD environment. Employees can be assured that their personal photos, messages, and apps remain private and untouched.

This distinction is crucial in encouraging employees to enroll their devices in an MDM program without fear of losing personal information.

Conclusion

While Intune has the capability to perform a full wipe on a device, it is typically used for corporate-owned devices. For personal devices, Intune’s selective wipe feature strikes a balance between security and privacy, ensuring that only corporate data is removed while personal information remains intact. This functionality makes Intune a trusted solution for businesses looking to manage a diverse range of devices in a secure and user-friendly manner.

Amplifying efficiency and security

The Intune Suite Guide

Learn about features and strategies such as:

  • Endpoint Privilege Management: elevate user access privileges as needed

  • Enterprise App Management: discovery, packaging, deployment and patching of Windows apps

  • Cloud PKI: publish and distribute certificates from Intune without complex PKI

  • Tunnel for MAM: secure access to LOB apps from unmanaged mobile devices

  • Advanced Analytics: predict which machines, applications and users will have issues

  • Remote Help: unlock the seamless interface between the service desk agent and end-user

Andrew Reade