Helpful Links

Navigate OHIO

About OHIO Admission Athletics
Academics Life at OHIO

Connect With Us

Bobcat Depot
1 Park Place
Athens, OH 45701
help.ohio.edu

Microsoft O365 -remote data wipe

Purpose

Microsoft offers the capability to remotely remove all data from a device that is synced to your OHIO email account in case the device is lost or stolen. However, this will only work if you use your OHIO email account in the email app that comes with the device. If you only use the Microsoft Outlook app from your device’s app store, remote wiping will only remove your OHIO account data from the app; all other personal data on the device will remain intact.

Important: Only Apple and Android phones and tablets or Windows 10 devices that have a connection to Microsoft365 via Exchange Active Sync can be remotely wiped.

Scope

This standard applies to all university employees and students, as well as any individuals who are not University employees but have access to university data through Microsoft 365 email. This may include retired or emeritus staff and faculty, contractors, and volunteers. This standard applies when university data is accessed through or stored on mobile computing and storage devices, regardless of the device's ownership.

Standard

A Microsoft 365 account holder can initiate a self-service remote wipe for their mobile device. Depending on the email app used, a remote wipe may erase your entire device, much like a factory reset, and require you to setup the device again. This may result in the loss of all data on the device, including photos, videos, and other personal data. See the next section for detail about what to expect when performing a remote wipe.

Performing a self-service remote wipe using Outlook on the web:

  1. Log into your account via Outlook on the web.
  2. Click on View All Outlook settings.
  3. Click General, and then select Mobile devices.
  4. Select the mobile phone.
  5. Click or tap the Wipe All Data icon.

Note: If you contact the IT Service Desk to perform a remote erase, they will escalate your request to the OHIO Information Security Office. The remote wipe action must be authorized by the account and the device owner.

What happens when a remote wipe is performed?

Data Wipe Icon
  • iPhone or iPad: If a person who uses the built-in Mail app for their iPhone or iPad clicks this button (see image above), they will completely wipe their device. The person will lose any data on the device that is not backed up, including photos, videos, and other personal data.
  • Microsoft Outlook app for iOS or Android: If a person who uses the Microsoft Outlook app for their iPhone, iPad, or Android device clicks this button (see image above), this will remove their OHIO account and data from the Outlook app on all mobile device which are used with the Outlook app, not just the lost or stolen device. This will only impact the OHIO account data on the app and will not wipe the entire device.
  • Windows 10 mail app: If a person who uses the Windows 10 Mail app clicks this button (see image above), this will completely wipe their device. The person will lose any data on the device that is not backed up, including photos, videos, other personal data, and installed apps.

References

  • Policy 91.003 Data Classification
  • Policy 91.005 Information Security
  • NIST Advanced Encryption Standard (AES), FIPS PUB 197

Exceptions

All exceptions to this standard must be formally documented with the Information Security Office(ISO)prior to approval by the Information Security Governance Committee (ISGC). Standard exceptions will be reviewed and renewed on a periodic basis by the ISO.

Request an exception:

Complete Exception request form.

Governance

This standard will be reviewed and approved by the university Information Security Governance Committee as deemed appropriate based on fluctuations in the technology landscape, and/or changes to established regulatory requirement mandates.

Reviewers

The reviewers of this standard are the members of the Information Security Governance Committee representing the following University stakeholder groups:

  • Information Technology: Ed Carter (Chair)
  • Human Resources: Michael Courtney
  • Faculty: Hans Kruse
  • Finance and Administration: Chad Mitchell
  • Associate Dean: Shawn Ostermann
  • Regional Higher Education: Larry Tumblin
  • Research and Sponsored Programs: Maureen Valentine
  • Enterprise Risk Management and Insurance: Larry Wines

History

Draft versions of this policy were circulated for review and approved November 20, 2020.