Remote Device Wipe - Ok Who thought this was a good idea?
Apparently, the
WIPE remote device option in Exchange 2010 wipes out the
ENTIRE device not just the exchange data on that device.
Ya, I'm not kidding!
Since when did an e-mail program have jurisdiction to wipe an entire device.
Of course, Microsoft’s not alone, Apple had to know about this as well as Google and all other phone manufacturers.
That’s the type of activity I’d expect from a virus!
So, last week, we let an employee go. Naturally, we thought that we should send a command to wipe the EXCHANGE information off of his iPhone and iPad. That makes
sense, right?
But check out this little hidden GEM:
http://technet.microsoft.com/en-us/library/bb124591.aspx
It wipes out everything on the device. Apparently Microsoft doesn't consider this a major $#%!#$ up!
Let’s be real, if this button wiped out Microsoft’s bank account, there would be a pop up message that says that
CAUTION!!! THIS WILL WIPE OUT THE ENTIRE ACCOUNT!!!
And the user would have to accept several places and sign in blood.
So the question is, when is Microsoft going to fix this major mistake?
At lease give us some options:
1.) Wipe
only Exchange information, like you thought this function was for.
2.) Wipe
Everything!!!!
Frankly, I’m worried about deleting an e-mail in Outlook now, as this may be wiping out the entire
North American Air Defense System!
Of Course there is a warning on page 46234 of the Outlook manual that has the warning!!!
Robert
October 30th, 2011 2:22pm
As far as I know, only 3rd party Mobile Device Management software can differentiate and has the ability to only wipe specific data on a remote device.
Part of problem is that each vendor implements activesync in different ways and the protocol itself ( as far as I know) doesnt have the ability to tell if something is personal versus business. That may come in the future however.
Free Windows Admin Tool Kit Click here and download it now
October 30th, 2011 3:27pm
Hi
I see your point of view, but this is how it works. It would be nice to choose what you want to delete. But they way I see it is, if you've lost a device, why would you want to delete just the Exch info, what if someone found it and got access
to the storage card with sensitive data. You'd be in trouble then.
Sukh
October 30th, 2011 3:28pm
On Sun, 30 Oct 2011 18:12:53 +0000, RobertDanis wrote:
>Apparently, the WIPE remote device option in Exchange 2010 wipes out the ENTIRE device not just the exchange data on that device.
>
>Ya, I'm not kidding!
We know!
>Since when did an e-mail program have jurisdiction to wipe an entire device.
Since you told it it could!
>Of course, Microsoft?s not alone, Apple had to know about this as well as Google and all other phone manufacturers.
>
>That?s the type of activity I?d expect from a virus!
No, that's the activity you'd expect when a mobile device containing
company information is lost or stolen.
>So, last week, we let an employee go. Naturally, we thought that we should send a command to wipe the EXCHANGE information off of his iPhone and iPad. That makes sense, right?
If that's your policy and you get agreement from the owner before
letting them synchronize their device, yes.
>But check out this little hidden GEM: http://technet.microsoft.com/en-us/library/bb124591.aspx
>
>It wipes out everything on the device. Apparently Microsoft doesn't consider this a major $#%!#$ up!
Neither do I.
>Let?s be real, if this button wiped out Microsoft?s bank account, there would be a pop up message that says that CAUTION!!! THIS WILL WIPE OUT THE ENTIRE ACCOUNT!!!
Hardly a "real" situation, is it?
>And the user would have to accept several places and sign in blood.
Attention! Person that stole this device! If you continue all
information will be erased!
BTW, you (the administrator) were offered a confirmation of you
action. If you didn't know what you were doing, why'd you say "Sure,
go ahead"?
>So the question is, when is Microsoft going to fix this major mistake?
Never. It's up to YOU (you're the administrator, right?) to manage the
devices. If you have a policy that says "when you leave the company we
will reset your mobile devices" you're in the clear. If you don't have
such a policy then shame on you!
>At lease give us some options:
>
>1.) Wipe only Exchange information, like you thought this function was for.
And what about all the other company information that's been kept on
the device? Lists of accounts and passwords? Company strategy
documents? Customer lists?
>2.) Wipe Everything!!!!
That's pretty much what "Wipe the device" is.
>Frankly, I?m worried about deleting an e-mail in Outlook now, as this may be wiping out the entire North American Air Defense System!
>
>Of Course there is a warning on page 46234 of the Outlook manual that has the warning!!!
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
October 30th, 2011 3:58pm
On Sun, 30 Oct 2011 18:12:53 +0000, RobertDanis wrote:
>Apparently, the WIPE remote device option in Exchange 2010 wipes out the ENTIRE device not just the exchange data on that device.
>
>Ya, I'm not kidding!
We know!
>Since when did an e-mail program have jurisdiction to wipe an entire device.
Since you told it it could!
>Of course, Microsoft?s not alone, Apple had to know about this as well as Google and all other phone manufacturers.
>
>That?s the type of activity I?d expect from a virus!
No, that's the activity you'd expect when a mobile device containing
company information is lost or stolen.
>So, last week, we let an employee go. Naturally, we thought that we should send a command to wipe the EXCHANGE information off of his iPhone and iPad. That makes sense, right?
If that's your policy and you get agreement from the owner before
letting them synchronize their device, yes.
>But check out this little hidden GEM: http://technet.microsoft.com/en-us/library/bb124591.aspx
>
>It wipes out everything on the device. Apparently Microsoft doesn't consider this a major $#%!#$ up!
Neither do I.
>Let?s be real, if this button wiped out Microsoft?s bank account, there would be a pop up message that says that CAUTION!!! THIS WILL WIPE OUT THE ENTIRE ACCOUNT!!!
Hardly a "real" situation, is it?
>And the user would have to accept several places and sign in blood.
Attention! Person that stole this device! If you continue all
information will be erased!
BTW, you (the administrator) were offered a confirmation of you
action. If you didn't know what you were doing, why'd you say "Sure,
go ahead"?
>So the question is, when is Microsoft going to fix this major mistake?
Never. It's up to YOU (you're the administrator, right?) to manage the
devices. If you have a policy that says "when you leave the company we
will reset your mobile devices" you're in the clear. If you don't have
such a policy then shame on you!
>At lease give us some options:
>
>1.) Wipe only Exchange information, like you thought this function was for.
And what about all the other company information that's been kept on
the device? Lists of accounts and passwords? Company strategy
documents? Customer lists?
>2.) Wipe Everything!!!!
That's pretty much what "Wipe the device" is.
>Frankly, I?m worried about deleting an e-mail in Outlook now, as this may be wiping out the entire North American Air Defense System!
>
>Of Course there is a warning on page 46234 of the Outlook manual that has the warning!!!
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
October 30th, 2011 10:49pm