This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hi Everyone I am using Endpoint Manager on a small O365 tenant and I am pretty new to MDM, I would appreciate some guidance on the below situation. I have some iphones that will be corp devices and some that are personal, I need to be able to wipe the emails off the devices for both corp owned devices and personal ones if the phone is lost or in the case of personal devices, if the person leaves the company. I see if I enrol the device into endpoint manager and get users to download outlook from my list of available apps I can use selective wipe to remove the email. But for personal devices, I cant get them to do this as its not a managed device. Someone said app protection policies can serve my purpose but I dont see how I can use this to get Outlook on their device from endpoint manager as its not a managed device and therefore not enrolled, with this being the case, how could I wipe the email off it? I can see I could use conditional access to stop them logging into Outlook with their company email account if they download Outlook manually themselves but I cant see how I can get them access to their email and yet be able to wipe the email off on a personal de3vice. So in essence my question is: How can I wipe corporate email off a personal phone when someone leaves? Thanks very much.
If you enroll the device then it will be managed. When you delete the device from Intune, all corporate data will be removed as well. Selective wipe will work perfectly in your scenario. Just make sure you apply App Protection policies for both managed and unmanaged devices. This way apps installed both personally and through Company Portal will come under Intune management. Leverage CA to restrict access to compliant or APP.
Hi,
Thanks for your reply.
==>So in essence my question is: How can I wipe corporate email off a personal phone when someone leaves?
Agree with @Rahul Jindal [MVP] . Intune App selective wipe can achieve this goal. Selective wipe for MAM simply removes company app data from an app, for example Outlook. The request is initiated using Intune. After the request is finished, the next time the app runs on the device, company data is removed from the app.
In addition, you can also configure a selective wipe of your company data as a new action when the conditions of Application Protection Policies (APP) Access settings are not met. This feature helps you automatically protect and remove sensitive company data from applications based on pre-configured criteria.
For more information, please refer to:
How to wipe only corporate data from Intune-managed apps
Selective wipe
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it. Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Hope everything goes well. Do you need any further assistance about this issue? If yes, please feel free to let us know, we will do our best to help you.
If the response is helpful, it's appreciated that you could click "Accept Answer" and upvote it, this will help other users to search for useful information more quickly.
Thanks for your time.
Best regards,
Simon