Systems Manager (SM) provides the ability to selectively wipe managed clients, which removes all managed apps and managed profiles installed via SM. The selectively wiped device is placed in "Quarantine," preventing it from receiving any profiles or apps until again authorized by a network admin.
Selectively wiping a device secures network resources (WiFi access, Exchange emails) without relying on the device user to remove the SM agent from their device. This feature is most typically utilized when a BYOD device user is no longer affiliated with the Organization, or as an intermediary step before fully wiping a lost or stolen device. For more information about this feature, please see our Cisco Meraki Blog post on the topic.
Selective wipe can be automatically applied to ALL newly enrolled clients by enabling Auto-Quarantine. Newly enrolled devices are quarantined and do not receive any apps or profiles until authorized by a network admin. For instructions on how to implement auto-quarantine, please consult this Knowledge Base article.
An administrator can selectively wipe multiple clients from the Monitor > Clients page, or individual clients from the Client details page.
Windows laptops and desktops and macOS clients need to be enrolled through the profile method for selective wipe to appear in the MDM commands.
After selectively wiping a device, the 'Selective wipe' button switches to Authorize. Select Authorize to remove the device from quarantine, which will re-deploy any pending apps or profiles back to the device. This task can also be accomplished from the Monitor > Clients page by selecting the client(s), clicking the Quarantine pull-down, and choosing Authorize.