How many users know that IT can wipe their personal devices even without MDM?



How many users would be surprised to find out that IT has the power to wipe their device, even without a mobile device management solution in place? I’m referring, of course, to Exchange ActiveSync, which can remote wipe devices that are connected to it.

When users enroll their personal devices into mobile device management and have configuration profiles applied, they usually receive an explicit warning that IT can remote wipe their devices (as well as see what personal apps are installed, or do whatever else the MDM solution is set up to do). It’s a transaction with known concessions and benefits, as I wrote about last week.

With Exchange ActiveSync, a similar give-and-take agreement takes place, but in this case users are often in the dark about it. There’s no warning screen that pops up when a device is enrolled, and it’s not common knowledge among users.

Rolling out a company-wide MDM solution can be a big event. There’ll be water cooler talk about it, and because the changes that come from MDM are probably more active than just using remote wipe once in a while, employees will know what’s going on. Plugging personal devices into EAS would have happened earlier and more gradually.

How many people connect their personal iPad to their corporate email, just for occasional use? They may have a corporate laptop and phone, but perhaps their tablet’s only connection to their company is an EAS link that was made one day when they left their laptop in the office. Many users keep their primary devices backed up to various cloud services, so while it would be a little bit annoying, an unexpected remote wipe would hardly be a catastrophe. But if a device that’s not used for work very often, or that’s shared with family or a spouse, were to be remote wiped, the wipe might be much more disruptive.

EAS can also let IT disable cameras and web browsers, but since that’s an active change, users would notice it immediately. The feeling that I get is that using EAS to wipe devices is actually pretty rare, but the fact remains that it’s a possibility that most users are completely unaware of.

If you have any stories about anything like this happening, please share them in the comments!


Join the conversation



Another thing is passwords; people could suddenly be confronted with security policies and could suddenly be confronted with 1) having to enter a password and 2) it needs to comply with certain restrictions. So? First, people get a visual confirmation which they need to confirm that their device is going to be enforced with certain security policies when synchronizing with WM6/WP7; don't know about iOS/Android. Since it's up to the client to show this, it's not an EAS issue. EAS does prescribe the ability to process policies, wipe, etc.  

If users are so keen to sync their devices with their mailbox, they should comply with company policies. What you're suggesting is that it's a bad thing people perhaps don't see - or ignore - that their company is able to wipe their device, while on the other hand company policy prescribes the ability to remotely wipe devices with a certain level of information which is a good thing if it gets lost or stolen.


Right, with passwords the user will notice right away—iOS and Android will both prompt the user to set a password immediately, as well. And I agree, users should be aware of their company's policies, but I wonder how many might sync to EAS without knowing that remote wipe is present?


An informal 10 second poll of the 2 coworkers closest to my desk yielded the result of 50%


A remote wipe consent box popped up on my old Android the first time I connected it to ActiveSync. It didn't happen on my iPhone, though.