Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPad iPad - Remote Wipe by Exchange Server

P

pgershon

macrumors newbie
Original poster
Jul 21, 2008
14
0
Apparently an Exchange server can cause an iPad or iPhone to wipe out. The intent is to be able to wipe stolen devices or those of terminated employees. But what of the mistake? My iPad (and some others) was accidentally wiped by corporate IT. No disaster, can restore one would think. Problem is that whenever corporate exchange server sees my device ID it wipes it again.

Does anyone know a way to turn this off. Only solution I have so far is to buy new devices. There must be a better way.
 
brand

brand

macrumors 601
Oct 3, 2006
4,390
456
127.0.0.1
iPad - Remote Wipe by Exchange Server

The obvious answer would be to contact the IT department that is responsible for managing the Exchange server.

How do you know it was accidentally wiped and not intentionally wiped?

The only reason I can think of as to why someone wouldn't want to contact the IT Department would be if the device was stollen.
 
HazyCloud

HazyCloud

macrumors 68030
Jun 30, 2010
2,779
37
pgershon said:
Apparently an Exchange server can cause an iPad or iPhone to wipe out. The intent is to be able to wipe stolen devices or those of terminated employees. But what of the mistake? My iPad (and some others) was accidentally wiped by corporate IT. No disaster, can restore one would think. Problem is that whenever corporate exchange server sees my device ID it wipes it again.

Does anyone know a way to turn this off. Only solution I have so far is to buy new devices. There must be a better way.
Click to expand...

You have to remove your corporate email from the device. I even tested this at my last job and yes, Exchange wipes it without any hesitation.
 
P

pgershon

macrumors newbie
Original poster
Jul 21, 2008
14
0
HazyCloud said:
You have to remove your corporate email from the device. I even tested this at my last job and yes, Exchange wipes it without any hesitation.
Click to expand...

For further information, it seems there is an issue with iOS 6.1 and Exchange:

Excerpt from Microsoft
This is more informative, the last few hours we started experenceing issues with Apple iOS 6.1, essentially malformed meetings on a device cause the device to get into a sync loop which causes excessive transaction log growth on the Exchange mailbox servers which will cause Exchange performance issues and potentially transaction log drives to run out of disk space which would then bring down Exchange.

My IT tried to rectify and executed a wipe on 5 devices, mine included. Obviously the wrong thing to do and inadvertent. Now the devices cannot be used on the Exchange server - it they connect the server executes a wipe. IT has been trying, without success, to remove the wipe instruction. After 10 hours of trying, no luck. Three iPads and two iPhones are bricks, at least in terms of my corporate server. Seems that the attempt to undo the wipe command keeps failing because the server no longer sees the devices
 
D

DmbShn41

macrumors 6502
Jun 22, 2009
295
2
Its been sometime ago but I remember playing with this years back:
I think it has everything to do with ActiveSync being enabled, and nothing to do with the errant iOS 6.1 bug right now.

Delete the Exchange account from your iDevice. Have your IT folks turn off ActiveSync access on your account. Have IT enable ActiveSync on your account. Add the account into Mail, Contacts, Calendars on the iDevice. See if this works.

Years ago at my job, something similar happened. IT was allowing Exchange access to certain personal iOS devices, and not all. Someone who was denied access complained to HR. HR made IT write a new access policy to allow for everyone if they chose. In the mean time, IT turned off ActiveSync to everyones account who wasn't issued a corporate device. When a mobile device is using ActiveSync to connect to an Exchange server, and the ActiveSync is turned off on server side, it initiates a wipe to the device. I know of about 30 people who had their iPhones, iPads, iPod Touch, and Androids wiped. This was before iCloud, probably iOS 4 days.
 
P

pgershon

macrumors newbie
Original poster
Jul 21, 2008
14
0
DmbShn41 said:
Its been sometime ago but I remember playing with this years back:
I think it has everything to do with ActiveSync being enabled, and nothing to do with the errant iOS 6.1 bug right now.

Delete the Exchange account from your iDevice. Have your IT folks turn off ActiveSync access on your account. Have IT enable ActiveSync on your account. Add the account into Mail, Contacts, Calendars on the iDevice. See if this works.

Years ago at my job, something similar happened. IT was allowing Exchange access to certain personal iOS devices, and not all. Someone who was denied access complained to HR. HR made IT write a new access policy to allow for everyone if they chose. In the mean time, IT turned off ActiveSync to everyones account who wasn't issued a corporate device. When a mobile device is using ActiveSync to connect to an Exchange server, and the ActiveSync is turned off on server side, it initiates a wipe to the device. I know of about 30 people who had their iPhones, iPads, iPod Touch, and Androids wiped. This was before iCloud, probably iOS 4 days.
Click to expand...

MS Tech support finally guiding my IT folk to a third-party app to connect to the MAPI information and manually remove the serial # of affected devices. Some bug in Exchange had the serial numbers of the wiped devices stored but said "device not found" when they tried to remove the serial numbers to undo the wipe command. All OK now.

Still must leave with the comment. Individuals connect their private devices with private information to corporate IT systems. The companies want these users connected at it accrues to their benefit. If something blips (like in my case), corporate IT should not be able to wipe personal data on devices. There will eventually be a lawsuit about this, Very big invasion of privacy.
 
C

CNeufeld

macrumors 6502a
Nov 25, 2009
938
515
Edmonton, AB
pgershon said:
MS Tech support finally guiding my IT folk to a third-party app to connect to the MAPI information and manually remove the serial # of affected devices. Some bug in Exchange had the serial numbers of the wiped devices stored but said "device not found" when they tried to remove the serial numbers to undo the wipe command. All OK now.

Still must leave with the comment. Individuals connect their private devices with private information to corporate IT systems. The companies want these users connected at it accrues to their benefit. If something blips (like in my case), corporate IT should not be able to wipe personal data on devices. There will eventually be a lawsuit about this, Very big invasion of privacy.
Click to expand...

Then don't connect your private device with your corporate IT system. If having an i* device is a required part of your job, they should provide you with a corporate one that they can wipe at will.

And for that matter, all your stuff should be backed up securely in any case, off of your device. Because if you DO lose your device (or it dies), you'll lose the information anyway.

And finally, it's not an invasion of privacy. It MIGHT be destruction of information, but your data is still all very secure. You just don't have it anymore... :)

I connect my iPhone to my corporate e-mail server because it's convenient for me. It means I can work remotely a little easier, which is a benefit to me. If they wiped it out, I'd be a little ticked, yes. But because all my stuff is backed up or just resides in the cloud (Dropbox, Skydrive, etc), it's all there when I restore from my backup.

Clint
 
P

pgershon

macrumors newbie
Original poster
Jul 21, 2008
14
0
CNeufeld said:
Then don't connect your private device with your corporate IT system. If having an i* device is a required part of your job, they should provide you with a corporate one that they can wipe at will.

And for that matter, all your stuff should be backed up securely in any case, off of your device. Because if you DO lose your device (or it dies), you'll lose the information anyway.

And finally, it's not an invasion of privacy. It MIGHT be destruction of information, but your data is still all very secure. You just don't have it anymore... :)

I connect my iPhone to my corporate e-mail server because it's convenient for me. It means I can work remotely a little easier, which is a benefit to me. If they wiped it out, I'd be a little ticked, yes. But because all my stuff is backed up or just resides in the cloud (Dropbox, Skydrive, etc), it's all there when I restore from my backup.

Clint
Click to expand...

Sometimes I read something that shocks my sensibilities. This is such a case. When works for a company, they do that, typically, to provide income to improve the rest of their life. Most of us work to live, as opposed to live to work. When you connect to your corporate email, you do that as a service to your company, it is not your company providing a service to you. Your company has every right to wipe THEIR data if you leave, or otherwise. But they have no right to wipe YOUR data. If the company offers to buy you a separate device, then maybe your argument holds water. But if you simply connect to their server to improve your productivity, you are providing the company with better service by connecting - you do them the favor (as opposed to them doing you the favor). They do not have the right to wipe your data on your device. I suppose if you sign over that right, then this is debatable. But all else being equal, they have no more right to wipe your device than you do to wipe theirs (now that is a thought).

Reality is that even Microsoft does not claim that they wipe your device. If you read their own materials, Microsoft claims their message is wipe only the corporate data. Trouble is that all devices, iPhones, Androids and other, interpret the Microsoft command as wipe everything.
 
A

andrew554

macrumors newbie
Oct 5, 2014
1
0
pgershon said:
Sometimes I read something that shocks my sensibilities. This is such a case.
Click to expand...

Quite so. Moreover, if I delete the Exchange account, it both deletes the data and disables the remote wipe functionality—so that’s a hole in that ‘security’ anyway.

I’m freelance, and I have (Exchange) email accounts with several companies on my iPhone & iPad. It makes me very, VERY uneasy that each one of them has the ability to wipe my phone and iPad.

Bizarrely, this remote wipe does NOT apply to my MacBook (and I’m glad of that, but it’s inconsistent).

I want (not unreasonably) the ability to allow remote wipe of Exchange ACCOUNTS by their respective companies individually, without affecting my personal data. And if a company is not comfortable with that level of ‘protection’—fine, I’m happy not to access their email on my phone (or to use Outlook Web Access, which doesn’t let them wipe my device).
 
Mr. Buzzcut

Mr. Buzzcut

macrumors 65816
Jul 25, 2011
1,037
488
Ohio
pgershon said:
Sometimes I read something that shocks my sensibilities. This is such a case. When works for a company, they do that, typically, to provide income to improve the rest of their life. Most of us work to live, as opposed to live to work. When you connect to your corporate email, you do that as a service to your company, it is not your company providing a service to you. Your company has every right to wipe THEIR data if you leave, or otherwise. But they have no right to wipe YOUR data. If the company offers to buy you a separate device, then maybe your argument holds water. But if you simply connect to their server to improve your productivity, you are providing the company with better service by connecting - you do them the favor (as opposed to them doing you the favor). They do not have the right to wipe your data on your device. I suppose if you sign over that right, then this is debatable. But all else being equal, they have no more right to wipe your device than you do to wipe theirs (now that is a thought).

Reality is that even Microsoft does not claim that they wipe your device. If you read their own materials, Microsoft claims their message is wipe only the corporate data. Trouble is that all devices, iPhones, Androids and other, interpret the Microsoft command as wipe everything.
Click to expand...


You agree to the company's policy when you add the account. They can even require a passcode and control lock timeouts, etc. so just don't do it. You can always use webmail.

Think about it. Attachments can be saved outside of the mail client. The company is protecting information they own if the phone is lost or an employee suddenly terminated.

As someone already said, if you are required to have a phone, the company should provide it. Then there is no conflict.

It shocks the sensibilities that someone can willingly enter an agreement and then complain about the terms. Shows a lack of maturity.


Edit: replace "phone" with "ipad" or "device"
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom