Selective Wipe On MAM For Windows

Introduction

I have been blogging about MAM for Windows before, but I haven't covered how you can wipe the corporate data from BYOD devices. Take a look at the other blogs about MAM for Windows here.

• BYOD: The Fun begins with MAM!
• BYOD: The next step with MAM

If you haven't heard about selective wipe before, I will cover how this can be used on MAM for Windows and what you should be aware of when using it.

Gotchas With Selective Wipe

There are some things to be aware of when you are using selective wipe. It's important that you take it in to consideration.

• The device needs internet access.
• There is up to 30 minutes delay from when you execute the wipe.
• The user has to open the application before the wipe kick in.

It's really important that you are aware of these things when you are executing a selective wipe. It's not something that will happen the same moment you send it to the device.

User/Device Level Wipe

When executing selective wipe from Intune, you have 2 options available. The first is user-level wipe, this will wipe company apps across all the devices that the users has. If you have to do it "quickly" across all devices, this might be the option.

Lastly, we have the device-level wipe, where you can pick a specific device. Let's say that we need to only wipe company apps on the Windows device that the user has, this will be the best option.

As you can see in the screenshot above, you have the option to pick each individual device.

How to Execute Selective Wipe From Intune

First of all, do you have to navigate to the Intune portal. Once you've entered, you have to go to the app section. In there, you can see the "App selective wipe" category.

From here, you have to decide to do a device- or user-level wipe. In my example here, I will do a device-level wipe. I will click on "create wipe request".

In this tab, I will pick the user that owns the device. In my case, I have picked Adele, and she has 2 devices currently. Select the device that you would like to remove Edge from and click create.

Once you have clicked create, it will be listed under wipe requests in Intune. It will include some useful information, such as the state and app.

End-User Experience

When the selective wipe is executed on the device from Intune, this box will appear the next time the user opens Microsoft Edge. Be aware of the delay before it kicks in.

Once the user clicks "OK", the work profile in Edge will be deleted from the device.

Can we get more information somewhere else? Yes! Of course we can. Take a look at the Mamlog.txt as an example.

To break down what is happening in the log file, I have listed below some steps:

1. Checks in to the MAM service when launching Microsoft Edge.
2. It receives the selective wipe from Microsoft Intune.
3. The device gets unenrolled from MAM, and the work profile will get removed.

Conclusion

Thanks for reading this blog! This blog completes my series with MAM for Windows. I hope you've got some useful tips and tricks on how to manage your BYOD devices.