EraseDevice

MDM command to factory reset a device. Options include preserving data plans or using ReturnToService to automatically re-enroll after wipe.

What to Know

EraseDevice is the ultimate security failsafe for lost, stolen, or compromised devices. When physical recovery is impossible or when a device contains sensitive data that must not fall into unauthorized hands, a remote wipe ensures all data is cryptographically erased and the device is returned to factory settings. This capability is often required by compliance frameworks (HIPAA, PCI-DSS, GDPR) that mandate remote wipe for devices accessing regulated data.

Beyond security incidents, EraseDevice is also essential for device lifecycle management. When employees leave, devices are reassigned, or hardware is sent for repair, a remote wipe ensures no corporate data persists. The ReturnToService option (available on supervised iPhones and iPads) automates the re-enrollment process after wipe, allowing IT to remotely “reset” devices for new users without requiring physical access — critical for organizations with remote workforces or distributed device pools.

Common Scenarios

Enterprise IT: Issue remote wipes for devices reported lost or stolen, especially those accessing sensitive corporate data or regulated systems. Use ReturnToService workflows to remotely repurpose devices between employees — erasing the previous user’s data while automatically re-enrolling the device so it’s ready for the next user without IT needing to handle the hardware. Initiate wipes on departing employee devices as part of offboarding checklists.

MSP: Execute client-authorized wipes on devices that are no longer under contract or when clients terminate service. Use ReturnToService to streamline device refreshes for clients with high employee turnover, allowing devices to be remotely reassigned without shipping hardware back to a central depot. Maintain documented wipe procedures to satisfy client compliance audits.

Education: Wipe student devices at the end of the school year to remove personal data before reassigning to new students. Use ReturnToService on shared iPad carts to quickly reset devices between class periods or semesters. Remotely wipe lost or stolen student devices to protect district data and comply with student privacy regulations like FERPA.

In Addigy

Addigy provides EraseDevice functionality through the Remote Wipe action available in each device’s management panel. Admins can configure wipe options including PIN code display (to prove the device was wiped), data plan preservation (for cellular devices), and ReturnToService re-enrollment (for supervised iPhones and iPads). When ReturnToService is enabled, Addigy automatically handles the re-enrollment flow, ensuring the device rejoins the same MDM server and receives its assigned policies after the wipe completes. All wipe commands are logged in the device’s audit history for compliance documentation.