Remote wipe
If a mobile device is lost or stolen, an administrator can issue a remote wipe command to remove all sensitive data from the device. You can remove the IBM Traveler application and data from the device and, depending on the device, restore the device to the factory default settings.
Procedure
- Before wiping a device, make sure that you do not add the user to the deny list. This is because the device must be able to connect to receive the wipe command. The deny list has no exceptions so the user must have access until after the wipe has taken place.
- Open the IBM Traveler administration application. Refer to Using the administration application for more information.
- Open the Device Security view.
- Select the device.
- Select the Wipe Device action.
- Select one or more of these options:
- Hard Reset Device – This option restores the device to factory default settings, and removes the IBM Traveler application and all PIM and mail data that was synced with IBM Traveler.
- IBM Traveler Application and Data – This option removes the IBM Traveler application and all PIM and mail data that was synced with IBM Traveler.
- Storage Card – This option removes any data that is present on storage cards loaded in the device.
General remote wipe considerations:Note: The wipe command is enacted on the device the next time it connects. If the device is connected at the time, the wipe occurs immediately. If the device is not connected and an SMS address has been provided (or added on the server), then an SMS message is sent (in addition to push) to tell the client to check in with the push or accept the action if it cannot log in. This SMS message travels over the cellular network, and is received almost immediately if the device is able to receive text messages (the phone is on and connected to the cellular network).Note: The user (and not the admin) can perform these Remote Wipe actions from the Manage Security section of the IBM Traveler User Home Page, assuming that the system administrator allows it.Note: For ActiveSync devices, the IBM Traveler Application and Data option occurs during a sync. As a result, the device must be able to connect with the server for the data removal to occur. The mail server must be accessible and the ACL must still be correct for the sync that is erasing all the data to work. The IBM Traveler Application and Data option will remove all data and erase all calendar and contact information. In addition, all mail folders (and their contents) will be erased, except for the Inbox which is left with a message stating that the device has been wiped and provides instructions on how to remove the account. The IBM Traveler account is not deleted or modified in any way, but if the device tries to sync, it will get an access denied response.Android remote wipe considerations:Note: Wipe device is only available if the Android Device Administrator is active. The Android Device Administrator is only active if the IBM Traveler configuration has settings that require it, such as "Require Device Password", "Prohibit Camera", and "Prohibit devices incapable of security enablement".Apple remote wipe considerations:Note: Apple devices support only the IBM Traveler Application and Data option and do not use SMS for remote wipe.BlackBerry 10 remote wipe considerations:Note: A BlackBerry 10 device remote wipe result depends upon whether or not the device is registered to and managed by a BlackBerry Enterprise Service 10 or not. If the device is managed by BES 10, then the remote wipe will erase only the work perimeter. If not, and the device connects directly to IBM Traveler, then the entire device will be wiped.Other wipe options:Note: The Android client for Airwatch version 4.2.362 adds support to wipe the IBM Traveler application. The IBM Traveler client must be 9.0.0.1 201309251652 or later to support this option.