Initiating a remote secure wipe

rpayne
Contributor II

I've done some searching, but am unable to find documentation from Apple or jamf. Has anyone found any?

7 REPLIES 7

sgiesbrecht
Contributor III

Jamf Computer Object > Management > Wipe Computer

Nothing is retrievable and you would have to reimage it again

 

rpayne
Contributor II

I was more looking for documentation. Looking to show SecOps that a remote wipe is secure.

sgiesbrecht
Contributor III

is this for Jamf Pro of Jamf Now?

We are using Pro

sgiesbrecht
Contributor III

Don't know if there is any but from experience, we only do this as a last resort. We lock them instead

as PoC test, we wiped a few of them (both onsite and remote) and once the wiping started, it became useless, nothing was retrievable and the device was not operational (OS was removed also)

 

Right. The use case is for when we right off a machine or the user is offshore. 

mm2270
Legendary Contributor III

Not sure about documentation, though I'm sure Apple has something on this, but my general understanding is that when a remote wipe is initiated, the encryption key for the volume is destroyed, which essentially means the data on the disk is 100% irretrievable. It's essentially just a bunch of scrambled unreadable bits at that point. Hence why the only method of restoring the device is to reinstall the OS. I'm not completely sure if this requires that FileVault is activated to be the case, but technically speaking, disk encryption is on by default on most recent macOS versions, so maybe not. I might be misspeaking here, so someone correct me on this if I'm wrong.

If you have an Apple rep at all, I would reach out to them about it. I'm sure they can find the documentation on Apple's site somewhere or on their developer pages that details how this works.