Erase Apple devices
If you’re an administrator or user, you can locally or remotely erase an iPhone, iPad, and Mac—in most cases using the option Erase All Content and Settings. On the device, erasing (or wiping) obliterates all the keys in effaceable storage and renders all user data cryptographically inaccessible.
Erase all content and settings
Mac computers with Apple silicon or with the Apple T2 Security Chip using macOS 12.0.1 or later allow a local administrator—or, if enrolled in MDM, an MDM administrator—to perform an Erase All Content and Settings, similar to behavior permitted on iPhone, iPad, Apple TV, and Apple Watch devices. All user data is erased, along with any additional volumes on the Mac. For a Mac with Apple silicon, the security settings are also reset to their default state (Full Security). An MDM solution:
Can use a restriction to prevent erasing all content and settings on a Mac (this feature already exists for iPhone and iPad devices)
Can use the existing EraseDevice command to erase all content and settings
Ways to initiate a remote wipe command
No matter which Apple device you want to wipe (iPhone, iPad, or Mac), you can initiate a remote wipe command through mobile device management (MDM), iCloud, or Microsoft Exchange ActiveSync. When you initiate a remote wipe command through MDM, the Apple device sends an acknowledgment back to the MDM solution and performs the wipe. For more information, see Remote wipe.
When you initiate a remote wipe through Microsoft Exchange ActiveSync (iPhone and iPad only), the device checks in with the Microsoft Exchange Server before performing the wipe. You can perform the remote wipe using the Exchange Management Console, Outlook Web Access, or the Exchange ActiveSync Mobile Administration Web Tool.
Remote wipe in iOS and iPadOS
For iPhone and iPad, the Erase All Content and Settings option is located in the Settings app. Remote wipe using Erase All Content and Settings isnʼt possible for the following kinds of accounts:
Accounts using User Enrollment
Accounts using Microsoft Exchange ActiveSync when the account was installed with User Enrollment
Accounts using Microsoft Exchange ActiveSync if the device is supervised
Note: Besides using the option Erase All Content and Settings, MDM solutions and users can also set an iPhone and iPad to automatically wipe after a series of failed passcode attempts.
Remote wipe in macOS with MDM
In macOS 12.0.1 or later, MDM initiates a remote wipe by default with the option Erase All Content and Settings, which you can also find in the following locations:
macOS 13 or later: Apple menu > System Settings > General > Transfer or Reset > Erase All Content and Settings.
macOS 12.0.1 or earlier: Apple menu > System Preferences, then in the menu bar, System Preferences > Erase All Content and Settings.
MDM initiates a remote wipe on Mac computers with Apple silicon and those with the Apple T2 Security Chip.
Using an MDM solution, depending on which Mac model you have, you can trigger the Erase All Content and Settings option by sending an EraseDevice command to the Mac. To receive this command, the Mac must meet the requirements listed below.
Minimum supported operating system | Requirement for enabling remote wipe
macOS 12.0.1 or later | With Apple silicon
macOS 12.0.1 or later | With Apple silicon or with the Apple T2 Security Chip
macOS 12.0.1 or later | With the Apple T2 Security Chip
If one or more of the above conditions arenʼt met when receiving an EraseDevice command, a Mac by default falls back to using a macOS 11 behavior called obliteration. After a device is erased with obliteration, you must reinstall macOS before the Mac can be used.
You can manage the obliteration fallback behavior for erasing a Mac in the ObliterationBehavior key. If Erase All Content and Settings fails, you use this key (which has no effect on machines prior to the T2 chip) to specify a Mac’s fallback behavior by choosing one of the following values:
Default (or missing key): The device responds to the server with an Error status or no status, and then attempts obliteration.
DoNotObliterate: The device responds with an Error status, and no obliteration occurs.
ObliterateWithWarning: The device responds with a Warning status, and then attempts obliteration.
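The following is an added example, not code from this page or from Apple: a sketch of how an MDM server could build an EraseDevice command with an explicit ObliterationBehavior value and interpret the status a Mac reports when Erase All Content and Settings fails. The function names are hypothetical, and the Command, RequestType, and CommandUUID envelope keys are assumed from Apple's MDM command format rather than taken from this page.

```python
import plistlib
import uuid

# ObliterationBehavior values listed on this page, mapped to
# (status reported when Erase All Content and Settings fails, obliteration attempted?).
FALLBACK = {
    "Default": ("Error", True),  # the page also allows "no status" for Default
    "DoNotObliterate": ("Error", False),
    "ObliterateWithWarning": ("Warning", True),
}


def build_erase_command(behavior="DoNotObliterate", command_uuid=None):
    """Return XML plist bytes for an EraseDevice command (hypothetical helper)."""
    if behavior not in FALLBACK:
        raise ValueError(f"unsupported ObliterationBehavior: {behavior!r}")
    command = {"RequestType": "EraseDevice"}
    # A missing key behaves like Default, so only explicit choices are sent.
    if behavior != "Default":
        command["ObliterationBehavior"] = behavior
    payload = {
        "CommandUUID": command_uuid or str(uuid.uuid4()),
        "Command": command,
    }
    return plistlib.dumps(payload, fmt=plistlib.FMT_XML)


def fallback_outcome(command_plist, reported_status):
    """Classify a device reply against the fallback rules (hypothetical helper).

    reported_status is the status string from the device, or None when
    the device sent no status at all.
    """
    command = plistlib.loads(command_plist)["Command"]
    behavior = command.get("ObliterationBehavior", "Default")
    expected_status, obliterates = FALLBACK[behavior]
    matches = reported_status == expected_status or (
        behavior == "Default" and reported_status is None
    )
    return {
        "behavior": behavior,
        "status_matches_fallback": matches,
        # True means the Mac attempts obliteration and needs macOS reinstalled.
        "expect_os_reinstall": matches and obliterates,
    }
```

Sending DoNotObliterate is the conservative choice for fleets where an unexpected full reinstall is unacceptable, because a failed Erase All Content and Settings then surfaces as an Error status instead of an obliterated Mac.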
Important: Mac computers enrolled in an MDM solution can be inadvertently erased if the Mac has FileVault turned on and it doesn’t support Erase All Content and Settings. The behavior is similar to obliteration, and a full reinstall of macOS is required.