Apple Platform Security
- Welcome
- Intro to Apple platform security
-
- System security overview
- Signed system volume security
- Secure software updates
- Rapid Security Responses
- Operating system integrity
- BlastDoor for Messages and IDS
- Lockdown Mode security
- System security for watchOS
- Random number generation
- Apple Security Research Device
-
- Services security overview
-
- Apple Pay security overview
- Apple Pay component security
- How Apple Pay keeps users’ purchases protected
- Payment authorization with Apple Pay
- Paying with cards using Apple Pay
- Contactless passes in Apple Pay
- Rendering cards unusable with Apple Pay
- Apple Card security
- Apple Cash security
- Tap to Pay on iPhone
- Secure Apple Messages for Business
- FaceTime security
- Glossary
- Document revision history
- Copyright
Managed Lost Mode and remote wipe
Managed Lost Mode is used to locate supervised devices when they are stolen. After they are located, they can be remotely locked or erased.
Managed Lost Mode
If a supervised iPhone or iPad is lost or stolen, a mobile device management (MDM) administrator can remotely enable Lost Mode (called Managed Lost Mode) on that device. When Managed Lost Mode is enabled, the current user is logged out and the device can’t be unlocked. The screen displays a message that can be customized by the administrator, such as displaying a phone number to call if the device is found. The administrator can also request the device to send its current location (even if Location Services are off) and, optionally, play a sound. When an administrator turns off Managed Lost Mode, which is the only way the mode can be exited, the user is informed of this action through a message on the Lock Screen or an alert on the Home Screen.
Remote wipe
iPhone, iPad, Mac, Apple TV, Apple Watch and Apple Vision Pro devices can be erased remotely by an administrator or user, rendering all data unreadable.
When a remote wipe command is triggered by MDM or iCloud, the device sends an acknowledgment back to the MDM solution and performs the wipe. For remote wipe through Microsoft Exchange ActiveSync, the device checks in with the Microsoft Exchange Server before performing the wipe.
Remote wipe isn’t possible in the following situations:
With User Enrollment
Using Microsoft Exchange ActiveSync when the account that was installed with User Enrollment
Using Microsoft Exchange ActiveSync if the device is supervised
Users can also wipe supported devices in their possession using Settings (iPhone, iPad, and Apple Vision Pro) or System Settings (Mac). And as mentioned, iPhone, iPad, Apple Watch, and Apple Vision Pro devices can be set to automatically wipe after a series of failed passcode attempts.
Instant remote wipe is available on a Mac with Apple silicon and a Mac with an Apple T2 Security Chip or if FileVault is turned on. Instant remote wipe is achieved by securely discarding the media key.