Initiating a remote secure wipe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 11:10 AM
I've done some searching, but am unable to find documentation from Apple or jamf. Has anyone found any?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 12:08 PM
Jamf Computer Object > Management > Wipe Computer
Nothing is retrievable and you would have to reimage it again
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 12:11 PM
I was more looking for documentation. Looking to show SecOps that a remote wipe is secure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2021 12:17 PM - edited 11-30-2021 12:18 PM
is this for Jamf Pro of Jamf Now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 12:18 PM
We are using Pro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 12:27 PM
Don't know if there is any but from experience, we only do this as a last resort. We lock them instead
as PoC test, we wiped a few of them (both onsite and remote) and once the wiping started, it became useless, nothing was retrievable and the device was not operational (OS was removed also)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 12:29 PM
Right. The use case is for when we right off a machine or the user is offshore.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2021 01:18 PM
Not sure about documentation, though I'm sure Apple has something on this, but my general understanding is that when a remote wipe is initiated, the encryption key for the volume is destroyed, which essentially means the data on the disk is 100% irretrievable. It's essentially just a bunch of scrambled unreadable bits at that point. Hence why the only method of restoring the device is to reinstall the OS. I'm not completely sure if this requires that FileVault is activated to be the case, but technically speaking, disk encryption is on by default on most recent macOS versions, so maybe not. I might be misspeaking here, so someone correct me on this if I'm wrong.
If you have an Apple rep at all, I would reach out to them about it. I'm sure they can find the documentation on Apple's site somewhere or on their developer pages that details how this works.
