Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-09-18

One of the enhanced features available in Microsoft Exchange Server 2007 is the ability to perform a remote device wipe of a mobile device. Remote device wipe is a feature that enables the Exchange server to set a mobile device to delete all data the next time that the device connects to the Exchange server.

A remote device wipe returns a device to its factory default condition. This can be useful when a device is lost, stolen, or otherwise compromised, or when a device has to be reassigned from one user to another.

Overview

Mobile devices can store sensitive corporate data and provide access to many corporate resources. If a device is lost or stolen, that data can be compromised. Through Exchange ActiveSync policies, you can add a password requirement to your mobile devices. This requires that users enter a password to access their device. We recommend that, in addition to requiring a device password, you configure your devices to automatically prompt for a password after a period of inactivity. The combination of a device password and inactivity locking provides more security for your corporate data.

In addition to these features, Exchange 2007 provides remote device wipe. You can issue a remote wipe command from the Exchange Management Shell. Users can issue their own remote wipe commands from the Outlook Web Access user interface.

The remote device wipe feature also includes a confirmation function that writes a timestamp in the sync state data of the user's mailbox. This timestamp is displayed in Outlook Web Access and in the user's mobile device properties dialog box in the Exchange Management Console.

Important:
In addition to resetting the device to factory default condition, a remote device wipe also deletes any data on any storage card that is inserted in the device. If you are performing a remote device wipe on a device in your possession and want to retain the data on the storage card, remove the storage card before you initiate the remote device wipe.

Remote Device Wipe vs. Local Device Wipe

Local device wipe is the mechanism by which a device wipes itself without the request coming from the server. If your organization has implemented Exchange ActiveSync policies that specify a maximum number of password attempts and that maximum is exceeded, the device will perform a local device wipe. The result of a local device wipe is the same as that of a remote device wipe. The device is returned to its factory default condition. When a device performs a local device wipe, no confirmation is sent to the Exchange server.

For More Information

For more information about the remote device wipe feature, see the following topics: