PowerShell wiping mobile data?

I need to create a termination script to wipe emails off terminated users' mobile devices!

When I run this fella:
Clear-MobileDevice -Identity $_.Guid -AccountOnly -whatif

It says:
"Clearing mobile device Identity:All the data on the mobile device will be permanently deleted"
I used the AccountOnly switch, but it's saying it's going to remove all the mobile data? How do I get it to remove the email only?

I think that's just a generic warning that shows up regardless of the switches. When in doubt, run it against a test device.


I’m fairly certain this can wipe the entire device, but it doesn’t necessarily. It seems like your command would only wipe the account. Take a look at Clear-MobileDevice (ExchangePowerShell) | Microsoft Learn and Perform a remote wipe on a mobile phone | Microsoft Learn

As always, test on a test device as @neemobeer mentions. It seems to depend on the client type and whether or not it's a native app. There's a big red notice on the second link that explains the options (likely related to that AccountOnly switch):

Exchange ActiveSync v16.1 supports two different remote wipe processes: A Wipe Data remote wipe and also an Account Only Remote Wipe Device remote wipe. There are important differences between how Outlook responds and how native mail apps on iOS and Android respond to these different wipe commands.
Outlook for iOS and Outlook for Android support only the Wipe Data command, which wipes only data within Outlook. The Outlook app will reset and all Outlook email, calendar, contacts, and file data will be removed, but no other data is wiped from the device. The Account Only Remote Wipe Device command is therefore redundant and is not supported by Outlook for iOS or Android.
However, if a native iOS or Android mail app is connected to Exchange and receives a Wipe Data command from Exchange ActiveSync, all data on the device will be wiped, including photos, personal files, and so on.
If a native iOS or Android mail app is connected to Exchange and receives an Account Only Remote Wipe Device command from Exchange ActiveSync, only the native mail app’s Exchange ActiveSync mail, calendar, and account data are wiped.
These commands are designed to destroy data. Exercise caution when using them.
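A termination script of the kind the original poster describes, as an added example that is not part of any post in this thread: it enumerates the mailbox's device partnerships, issues Clear-MobileDevice -AccountOnly per device (dry-run by default, so nothing is sent until -Commit is passed), and reads back the wipe status. The function name, the -Commit switch and the UPN are constructed for the example; it assumes an already-connected Exchange Online or Exchange Management Shell session.

```powershell
# Added example (not from the thread): account-only wipe of a terminated
# user's mobile device partnerships. Every Clear-MobileDevice call runs
# with -WhatIf unless -Commit is given. Assumes an Exchange Online or
# Exchange Management Shell session is already open.
function Invoke-TerminationMailboxWipe {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [switch] $Commit   # constructed switch: without it, nothing is actually sent
    )

    # All device partnerships for the mailbox; ClientType shows whether a
    # partnership is a native ActiveSync mail app or Outlook mobile.
    $devices = Get-MobileDevice -Mailbox $UserPrincipalName
    if (-not $devices) {
        Write-Warning "No mobile device partnerships found for $UserPrincipalName"
        return
    }

    foreach ($device in $devices) {
        $label = '{0} / {1} / {2}' -f $device.DeviceType, $device.DeviceModel, $device.ClientType
        Write-Host "Queueing account-only wipe for $label ($($device.DeviceId))"

        # -AccountOnly: a native mail app drops only its Exchange account data,
        # and Outlook for iOS/Android resets only the Outlook app. Omitting it
        # sends the 'Wipe Data' command, which erases a native-app device entirely.
        $params = @{
            Identity    = $device.Guid.ToString()
            AccountOnly = $true
            Confirm     = $false
            WhatIf      = -not $Commit
        }
        Clear-MobileDevice @params
    }

    # Audit trail: the request stays pending until the device syncs and acknowledges it.
    Get-MobileDeviceStatistics -Mailbox $UserPrincipalName |
        Select-Object DeviceType, DeviceModel, DeviceWipeRequestTime,
                      DeviceWipeSentTime, DeviceWipeAckTime, LastSuccessSync
}

# Dry run first (placeholder UPN); re-run with -Commit once the device list looks right.
Invoke-TerminationMailboxWipe -UserPrincipalName 'terminated.user@example.com'
```

Re-running Get-MobileDeviceStatistics later shows whether DeviceWipeAckTime has been populated, which is the only confirmation that the device actually processed the account-only wipe.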

The Clear-MobileDevice cmdlet in Exchange PowerShell is designed to remove all data associated with a mobile device, including emails and other synchronized data. The “AccountOnly” switch does not remove only the email; it clears all data on the mobile device.

If you want to remove only email data from a terminated user’s mobile device and not wipe the entire device, you typically need to rely on the mobile device management (MDM) solution or email service settings on the device itself. Exchange PowerShell may not provide fine-grained control over individual data types on the device.

@skoeld

Could you provide some evidence to support that, or maybe I'm misunderstanding you. From what I'm gathering from the docs previously posted, it will not wipe the entire device if the AccountOnly switch is used, which would only remove Exchange mailbox data from the device:

The AccountOnly switch specifies whether to perform an account-only remote device wipe where only Exchange mailbox data is removed from the device. You don’t need to specify a value with this switch.

and

Outlook for iOS and Outlook for Android support only the Wipe Data command, which wipes only data within Outlook. The Outlook app will reset and all Outlook email, calendar, contacts, and file data will be removed, but no other data is wiped from the device. The Account Only Remote Wipe Device command is therefore redundant and is not supported by Outlook for iOS or Android.
However, if a native iOS or Android mail app is connected to Exchange and receives a Wipe Data command from Exchange ActiveSync, all data on the device will be wiped, including photos, personal files, and so on.
If a native iOS or Android mail app is connected to Exchange and receives an Account Only Remote Wipe Device command from Exchange ActiveSync, only the native mail app’s Exchange ActiveSync mail, calendar, and account data are wiped.

Note the language differences between Outlook for iOS and Outlook for Android vs. the 'native' iOS/Android app. Outlook via mobile doesn't even support a full device wipe, from how the documentation reads. Given the nature and data loss, I doubt this data is incorrect, as folks would definitely be upset and be reaching out to MS to have this documentation corrected.

Testing is needed here and perhaps I'm misunderstanding this, but the way the documentation reads definitely mentions 'only Exchange mailbox data is removed from the device', and that info is corroborated by the other excerpt I provided from the second link. By not providing that switch, and depending on the client, it could wipe the entire device. If you have other data that suggests otherwise, please do share, as that is probably something for folks to know and MS would need to be aware of it too.


I don’t think you’re reading my statement or the link you provided, as I’m literally using that same article (I have linked to it twice now) to make my point and quoted it as well two times.

Take a look at the full document, specifically look at the parameter section where it talks about the AccountOnly parameter which is what I quoted.

Lol dang go off nick

Yeah, I was like, why would Microsoft not properly vet this command? It's potentially really destructive, especially if your users are not backing up the data on their devices to some sort of cloud account like iCloud or something.