MDM Erase Command

An MDM protocol command that remotely erases all content and settings from a device, optionally preserving enrollment for automatic re-enrollment.

What to Know

MDM Erase Command provides remote device wipe capability essential for responding to lost or stolen devices, securely decommissioning devices, or resolving severe software issues without physical access. This command ensures corporate data doesn’t fall into unauthorized hands even when devices are physically unrecoverable. Unlike user-initiated factory resets, MDM Erase Command can be triggered even when the device is locked or the user is uncooperative, making it critical for security incident response.

Common Scenarios

Enterprise IT: Corporate IT issues MDM Erase Commands immediately when employees report lost or stolen devices containing sensitive data. This ensures compliance with data breach notification requirements and minimizes exposure even if the device is never physically recovered.

MSP: MSPs use MDM Erase Command to remotely wipe client devices when employees are terminated, devices are being reassigned, or severe malware infections can’t be remediated. This provides clients with documented proof of data sanitization for compliance audits.

Education: Schools issue MDM Erase Commands when student devices are reported lost or stolen, ensuring student data is protected and the device becomes useless to thieves. Combined with Activation Lock, this effectively bricks stolen devices.

In Addigy

Addigy supports MDM Erase Command through the device actions menu, allowing admins to remotely wipe devices with a single click. When combined with Automated Device Enrollment and Return to Service, erased devices automatically re-enroll in Addigy after the wipe completes, receiving all policies and apps without manual intervention.