iPad: iPad - Remote Wipe by Exchange Server

[pgershon]

Apparently an Exchange server can cause an iPad or iPhone to wipe out. The intent is to be able to wipe stolen devices or those of terminated employees. But what of the mistake? My iPad (and some others) was accidentally wiped by corporate IT. No disaster, can restore one would think. Problem is that whenever corporate exchange server sees my device ID it wipes it again.

Does anyone know a way to turn this off. Only solution I have so far is to buy new devices. There must be a better way.

[brand]

The obvious answer would be to contact the IT department that is responsible for managing the Exchange server.

How do you know it was accidentally wiped and not intentionally wiped?

The only reason I can think of as to why someone wouldn't want to contact the IT Department would be if the device was stollen.

[HazyCloud]

Quote:

Originally Posted by pgershon

Apparently an Exchange server can cause an iPad or iPhone to wipe out. The intent is to be able to wipe stolen devices or those of terminated employees. But what of the mistake? My iPad (and some others) was accidentally wiped by corporate IT. No disaster, can restore one would think. Problem is that whenever corporate exchange server sees my device ID it wipes it again.

Does anyone know a way to turn this off. Only solution I have so far is to buy new devices. There must be a better way.

You have to remove your corporate email from the device. I even tested this at my last job and yes, Exchange wipes it without any hesitation.

[pgershon]

Quote:

Originally Posted by HazyCloud

You have to remove your corporate email from the device. I even tested this at my last job and yes, Exchange wipes it without any hesitation.

For further information, it seems there is an issue with iOS 6.1 and Exchange:

Excerpt from Microsoft
This is more informative, the last few hours we started experenceing issues with Apple iOS 6.1, essentially malformed meetings on a device cause the device to get into a sync loop which causes excessive transaction log growth on the Exchange mailbox servers which will cause Exchange performance issues and potentially transaction log drives to run out of disk space which would then bring down Exchange.

My IT tried to rectify and executed a wipe on 5 devices, mine included. Obviously the wrong thing to do and inadvertent. Now the devices cannot be used on the Exchange server - it they connect the server executes a wipe. IT has been trying, without success, to remove the wipe instruction. After 10 hours of trying, no luck. Three iPads and two iPhones are bricks, at least in terms of my corporate server. Seems that the attempt to undo the wipe command keeps failing because the server no longer sees the devices

[DmbShn41]

Its been sometime ago but I remember playing with this years back:
I think it has everything to do with ActiveSync being enabled, and nothing to do with the errant iOS 6.1 bug right now.

Delete the Exchange account from your iDevice. Have your IT folks turn off ActiveSync access on your account. Have IT enable ActiveSync on your account. Add the account into Mail, Contacts, Calendars on the iDevice. See if this works.

Years ago at my job, something similar happened. IT was allowing Exchange access to certain personal iOS devices, and not all. Someone who was denied access complained to HR. HR made IT write a new access policy to allow for everyone if they chose. In the mean time, IT turned off ActiveSync to everyones account who wasn't issued a corporate device. When a mobile device is using ActiveSync to connect to an Exchange server, and the ActiveSync is turned off on server side, it initiates a wipe to the device. I know of about 30 people who had their iPhones, iPads, iPod Touch, and Androids wiped. This was before iCloud, probably iOS 4 days.

[pgershon]

Quote:

Originally Posted by DmbShn41

Its been sometime ago but I remember playing with this years back:
I think it has everything to do with ActiveSync being enabled, and nothing to do with the errant iOS 6.1 bug right now.

Delete the Exchange account from your iDevice. Have your IT folks turn off ActiveSync access on your account. Have IT enable ActiveSync on your account. Add the account into Mail, Contacts, Calendars on the iDevice. See if this works.

Years ago at my job, something similar happened. IT was allowing Exchange access to certain personal iOS devices, and not all. Someone who was denied access complained to HR. HR made IT write a new access policy to allow for everyone if they chose. In the mean time, IT turned off ActiveSync to everyones account who wasn't issued a corporate device. When a mobile device is using ActiveSync to connect to an Exchange server, and the ActiveSync is turned off on server side, it initiates a wipe to the device. I know of about 30 people who had their iPhones, iPads, iPod Touch, and Androids wiped. This was before iCloud, probably iOS 4 days.

MS Tech support finally guiding my IT folk to a third-party app to connect to the MAPI information and manually remove the serial # of affected devices. Some bug in Exchange had the serial numbers of the wiped devices stored but said "device not found" when they tried to remove the serial numbers to undo the wipe command. All OK now.

Still must leave with the comment. Individuals connect their private devices with private information to corporate IT systems. The companies want these users connected at it accrues to their benefit. If something blips (like in my case), corporate IT should not be able to wipe personal data on devices. There will eventually be a lawsuit about this, Very big invasion of privacy.

[CNeufeld]

Quote:

Originally Posted by pgershon

MS Tech support finally guiding my IT folk to a third-party app to connect to the MAPI information and manually remove the serial # of affected devices. Some bug in Exchange had the serial numbers of the wiped devices stored but said "device not found" when they tried to remove the serial numbers to undo the wipe command. All OK now.

Still must leave with the comment. Individuals connect their private devices with private information to corporate IT systems. The companies want these users connected at it accrues to their benefit. If something blips (like in my case), corporate IT should not be able to wipe personal data on devices. There will eventually be a lawsuit about this, Very big invasion of privacy.

Then don't connect your private device with your corporate IT system. If having an i* device is a required part of your job, they should provide you with a corporate one that they can wipe at will.

And for that matter, all your stuff should be backed up securely in any case, off of your device. Because if you DO lose your device (or it dies), you'll lose the information anyway.

And finally, it's not an invasion of privacy. It MIGHT be destruction of information, but your data is still all very secure. You just don't have it anymore...

I connect my iPhone to my corporate e-mail server because it's convenient for me. It means I can work remotely a little easier, which is a benefit to me. If they wiped it out, I'd be a little ticked, yes. But because all my stuff is backed up or just resides in the cloud (Dropbox, Skydrive, etc), it's all there when I restore from my backup.

Clint

[pgershon]

Quote:

Originally Posted by CNeufeld

Then don't connect your private device with your corporate IT system. If having an i* device is a required part of your job, they should provide you with a corporate one that they can wipe at will.

And for that matter, all your stuff should be backed up securely in any case, off of your device. Because if you DO lose your device (or it dies), you'll lose the information anyway.

And finally, it's not an invasion of privacy. It MIGHT be destruction of information, but your data is still all very secure. You just don't have it anymore...

I connect my iPhone to my corporate e-mail server because it's convenient for me. It means I can work remotely a little easier, which is a benefit to me. If they wiped it out, I'd be a little ticked, yes. But because all my stuff is backed up or just resides in the cloud (Dropbox, Skydrive, etc), it's all there when I restore from my backup.

Clint

Sometimes I read something that shocks my sensibilities. This is such a case. When works for a company, they do that, typically, to provide income to improve the rest of their life. Most of us work to live, as opposed to live to work. When you connect to your corporate email, you do that as a service to your company, it is not your company providing a service to you. Your company has every right to wipe THEIR data if you leave, or otherwise. But they have no right to wipe YOUR data. If the company offers to buy you a separate device, then maybe your argument holds water. But if you simply connect to their server to improve your productivity, you are providing the company with better service by connecting - you do them the favor (as opposed to them doing you the favor). They do not have the right to wipe your data on your device. I suppose if you sign over that right, then this is debatable. But all else being equal, they have no more right to wipe your device than you do to wipe theirs (now that is a thought).

Reality is that even Microsoft does not claim that they wipe your device. If you read their own materials, Microsoft claims their message is wipe only the corporate data. Trouble is that all devices, iPhones, Androids and other, interpret the Microsoft command as wipe everything.