Skip to content

Wipe device

You can remotely wipe a device that is managed by Sophos Mobile. This resets the device to its factory settings.


You can’t wipe the following devices:

  • Devices where Sophos Mobile only manages the Sophos container.
  • Android Enterprise work profile devices.
  • Apple User Enrollment devices.
  • Macs you’ve locked remotely.

Windows computers with BitLocker Drive Encryption are restarted and locked, not reset. Users must enter the BitLocker recovery key to unlock the device.

To wipe a device remotely:

  1. On the menu sidebar, click Devices.
  2. On the Devices page, click the blue triangle next to the device that you want to wipe and then click Show.
  3. On the Show device page, click Actions > Wipe.
  4. For some device types, you have to configure additional settings:

    • For Android Enterprise fully managed devices, turn on Factory Reset Protection, if required.


      If the Google accounts you configured for Factory Reset Protection are invalid, or if you don’t know the account credentials, the device becomes unusable after the wipe. See Android Factory Reset Protection.

    • For iPhones and iPads, configure these settings in the confirmation dialog:

      • Preserve data plan: If a cellular data plan is available on the device, it is preserved after the factory reset.
      • Forbid Quick Start: For the first device start after the factory reset, skip the Quick Start step in the Setup Assistant that allows the user to transfer content from another iPhone.
    • For Macs, set a 6-digit PIN that must be entered on the Mac to unlock it.

  5. Click Yes in the confirmation dialog.

A task to wipe the device is created and transferred to the device.


You find the macOS system lock PIN on the device page under Device properties > Unlock passcode and on the Task details page under Lock PIN.