Intune MAM selective wipe

So you followed Microsoft recommendations and implemented a Mobile Application Management policy!

but now someone has left and you need to ensure the data has been erased!

so to show you I will do it to myself – what could possibly go wrong? right Right RIGHT !!!

a quick primer MDM and MAM

so I just want to make sure we are all talking the same language here, Intune is both a Mobile Device Management(MDM) platform and a Mobile Application Management (MAM) platform

so what’s the difference – well at a high level it really comes down to who owns the device – if it a corporate-owned device (CYOD) then the business will want to control the entire device (push apps, control OS upgrades etc etc) and hence an MDM solution is best – now as a user you should remember the device and everything on it (the cute photos of your kids or pets) is under the business control and then there is MAM

with MAM the company can deploy a secure container to the machine and control what can and can not happen inside that container (the corporate data) – the business is not able to control the device nor access the cute photos of your kids/pets

So onto the show

to complete this process you need to be a intune administrator

let’s be clear I backed my Ipad up before attempting this (I may be silly but I am not Stupid)

so with your admin credentials log into the Azure Portal

 

intune00_01

then launch “Intune App Protection”

intune01

(if you do not see it under Azure services just search for it in the search dialogue box above

select “App selective wipe” under the manage section on the left-hand side

intune02

next click on “+ Create wipe request

intune03

in the Create wipe request window click on “Select user

intune04

in the blade that slides in from the right enter the name of the user (in my case myself) and select the person in the field below (once selected press the blue select button at the bottom of the screen

intune05

the devices used by the users under a MAM policy will then appear

intune06

from here simply select the device (in my case Michael’s iPad (2)

intune07

and the bottom of the window click Create

this will take you back to the App selective wipe window

intune08

now when the users next launches the application to access the data it will be blocked

the user will see

intune09

and as an Admin you will see

intune10

Happy MAM wiping

Leave a Reply