Remote Wipe and Device Security for Company Mobiles

What Is Remote Wipe?

Remote wipe is the ability to erase data from a smartphone or tablet without physical possession of the device. It is delivered through Mobile Device Management (MDM) software — typically Microsoft Intune for UK businesses using Microsoft 365. When a device is enrolled in MDM, an administrator can initiate a wipe command from a management console that takes effect as soon as the device connects to the internet.

There are two types of remote wipe. A full device wipe erases everything and returns the phone to its factory state — appropriate for company-owned devices. A selective wipe (sometimes called a targeted wipe) removes only the managed work profile and its contents — company email, apps, and files — while leaving personal photos, contacts, and apps intact. Selective wipe is the appropriate action for BYOD (personal) devices.

How Remote Wipe Works

Remote wipe requires MDM enrolment to be in place before the device is lost. Once enrolled, the device regularly checks in with the MDM platform. When a wipe command is issued, it is queued and delivered the next time the device connects — whether over Wi-Fi or mobile data. Most modern smartphones receive and execute the wipe command within minutes of it being sent, provided the device has any network connectivity.

The process in Microsoft Intune is straightforward: the administrator selects the device from the Intune portal, chooses the wipe type, and confirms. Intune sends the command and provides status confirmation once the device reports back. AMVIA manages this process for clients as part of its mobile device management service.

Why UK Businesses Need Remote Wipe Before a Device Is Lost

A smartphone with access to company email, Microsoft Teams, SharePoint, and cloud file storage contains significant amounts of sensitive business and potentially personal data about clients and staff. Under UK GDPR, the business is the data controller for that information and is responsible for its security.

A lost device without remote wipe capability means that data is accessible to whoever finds the phone — particularly if the device lacks a strong PIN or the lock screen can be bypassed. The ICO expects businesses to have implemented appropriate technical measures, including the ability to remotely wipe devices, as part of their data protection obligations. Failure to do so can constitute a reportable breach if personal data is compromised.

Key Considerations for UK SMEs

• MDM must be set up before the device is lost: Remote wipe only works on enrolled devices. Every business mobile should be enrolled in MDM before staff begin using it for work.
• Have a clear incident process: Staff should know who to call immediately when a device is lost. Delayed reporting delays the wipe — time matters if sensitive data is on the device.
• Use selective wipe for BYOD: Full wipe of a personal device would destroy an employee's personal content — selective wipe removes company data only, which is both legally appropriate and more likely to encourage cooperation.
• Test the wipe process in advance: Before relying on remote wipe in an emergency, test the procedure using a spare device so your team knows exactly what to do.
• Revoke access immediately: Whilst wipe is being initiated, block access to company email and Microsoft 365 through Entra ID — this stops data being accessed even before the wipe completes.

How AMVIA Can Help

AMVIA configures Microsoft Intune MDM for company-owned and BYOD devices, including remote wipe procedures and documented incident response steps. When a device is reported lost, AMVIA initiates the wipe and access revocation process immediately — no delay waiting for internal IT. As part of a managed mobile service, AMVIA also handles device provisioning, policy management, and secure device disposal at end of life. Call 0333 733 8050 to discuss your requirements.