Lost Mode, remote wipe, and remote lock
Remote wipe and remote lock
iOS, iPadOS, and macOS devices can be erased remotely by an administrator or user (instant remote wipe is available only if the Mac has FileVault enabled). Instant remote wipe is achieved by securely discarding the block storage encryption key from Effaceable Storage, rendering all data unreadable. A remote wipe command can be initiated by mobile device management (MDM), Microsoft Exchange ActiveSync (for iOS and iPadOS), or iCloud. On a Mac, the computer sends an acknowledgment and performs the wipe. With a remote lock, MDM requires that a six-digit passcode be applied to the Mac, rendering any user locked out until this passcode is typed in.
When a remote wipe command is triggered by MDM or iCloud, the device sends an acknowledgment and performs the wipe. For remote wipe through Microsoft Exchange ActiveSync, the device checks in with the Microsoft Exchange Server before performing the wipe. Remote wipe is not possible in two situations:
With User Enrollment
For iOS and iPadOS, using Microsoft Exchange ActiveSync when the account that was installed with User Enrollment
Users can also wipe iOS and iPadOS devices in their possession using the Settings app. And as mentioned, devices can be set to automatically wipe after a series of failed passcode attempts.