Notification

Duet AI is now Gemini for Google Workspace. Learn more

Wipe corporate data from a device

To wipe your own device that you use for work or school, go here instead.

Supported editions for these features (except as noted): Frontline Starter and Frontline Standard; Business Starter, Business Standard, and Business Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, Education Plus, and Endpoint Education Upgrade; Essentials, Enterprise Essentials, and Enterprise Essentials Plus; G Suite Basic and G Suite Business; Cloud Identity Free and Cloud Identity Premium.  Compare your edition

If a managed device goes missing or a user leaves your organization, you can use Google Admin console to wipe work or school data from the device. Depending on the device platform, you can wipe a user’s work account, their work profile, or all data. Users can still access their work data on a computer, a web browser, or another authorized mobile device.

Important (Android):
  • If you use factory reset protection, before you wipe a device and reset it, ensure you can access an associated admin account. The account must be active, and never deleted or suspended and then restored.
  • If you enable OEM unlock, factory reset protection doesn't activate.

System requirements

To wipe an account from a device

  • Mobile devices must be managed (basic or advanced mobile management)

    Note: For Android devices that meet all the following conditions, you can only wipe the device (not the account):

    • Currently under basic mobile management but previously under advanced mobile management
    • In Device Owner mode (company-owned devices and personal devices set up as “work only”)
    • Managed with Android Device Policy
  • Endpoints must be managed with Drive for desktop

To wipe a device

  • Mobile devices (Requires advanced mobile management):
    • Android devices with the Android Device Policy
    • Device-enrolled iOS devices with a device policy profile
    • Google Sync (Google Workspace only)
  • Microsoft Windows 10 or 11 devices must be enrolled in Windows device management

Step 1: Decide what to wipe from the device

You can wipe all apps and data from a device or only from a work account. You can do the following actions:

  • Wipe a device—If it’s a company-owned or personal device that’s lost or stolen. This option removes all work data and apps from the device. For Android devices that don’t have a work profile and device-enrolled iOS devices, it also removes personal data and apps.
  • Wipe an account—If it’s a personal device and the user is leaving your organization.

How wipe works by platform or management type

Expand section  |  Collapse all

Android

The data that's removed from a device depends on the device type:

Device type

Wipe device Wipe account

Personal device with a work profile

The user’s work profile is removed, which includes the work account and all apps and data associated with it.

Personal data and apps remain on the device.

Same as Wipe device

Company-owned device (or a personal device the user sets as work only)

The device is reset to its factory settings.

All work and personal data is removed.

The device is reset to its factory settings. All work and personal data is removed.

Note: If the device is currently under basic mobile management but was previously under advanced mobile management, wiping the account isn’t supported and the only option is to wipe the device.

iOS

The data that's removed from a device depends on how the user's work or school data syncs to the device and who owns the device:

Device type Wipe device Wipe account
User-enrolled iOS device Not available

The work account, Google mobile device management configuration profile, and managed apps are removed. VPP licenses assigned to the device are revoked.

Personal data and apps remain on the device.

Device-enrolled iOS device

The device is reset to its factory settings.

All work data, personal data, and apps are removed.

The work account, Google mobile device management configuration profile, and managed apps are removed. VPP licenses assigned to the device are revoked.

Personal data and apps remain on the device.

iOS device using iOS Sync for Google Workspace

The device is reset to its factory settings.

All work data, personal data, and apps are removed.

The work account is removed.

For devices under advanced mobile management, the Google mobile device management configuration profile and managed apps are also removed.

Personal data and apps remain on the device.

Company-owned iOS device (supervised)

The device is reset to its factory settings.

All work data, personal data, and apps are removed.

Same as the Wipe device column
iOS device using Google Sync for Google Workspace

The device is reset to its factory settings.

All work data, personal data, and apps are removed.

Not available
Google Sync
Google Workspace only
Only option is Wipe device. The device is reset to its factory settings. All work and personal data and apps are removed.
Windows 10 enrolled in Windows device management
Device type Wipe device Wipe account
Microsoft Windows 10 or 11 device enrolled in Windows device management

The device is reset to its factory settings.

All work and personal data is removed.

Not available.

However, if the device is enrolled in Windows device management, you can remove all settings pushed to the device by unenrolling the device. For details, go to Unenroll a device from Windows device management.

Drive for desktop

Only option is Wipe account. Local Drive data is removed from the device and the user is signed out of Drive for desktop. Data is usually removed immediately from devices connected to the internet with Drive for desktop running.

Account wipe limitations:

  • If the device isn’t connected to the internet, the user can still access the content that Drive for desktop makes available offline until the device syncs and gets the account wipe instruction.
  • Only streamed content is removed when you wipe the account (or block the device). Mirrored content remains on the device. Tip: As an admin, you can control whether users can mirror files.
  • On macOS devices, files with unsynced edits may remain on the device after an account wipe.
  • Users can still sign in again if their account is active and can enter valid credentials. To block use of Drive for desktop on the device, block the device.

Step 2: If you have access to the device, manage accounts

If the device isn’t lost or stolen, and you have access to it:

  1. Make sure the user can access their work account:
    • If they don’t know their password, you need to reset it. Reset the password before you wipe the device. If you don't, the user might need to wait at least 24 hours before they can sign back in to the device.
    • If the account is suspended, you need to restore it. For details, go to Restore a suspended user.
  2. Make sure any administrators who have access to Android devices with factory reset protection can sign in. The accounts must be active for the admin to access the device after it’s wiped.
  3. Sign out and remove the work account before you wipe the device or account.

Step 3: Wipe a device or a work account from a device

To find the devices you want to wipe, go to the user's account page or the Devices list.

Important: Google Cloud Support can’t unlock or restore a device for you. If you have problems unlocking a reset device, contact the manufacturer for help.

Expand section  |  Collapse all

In the user's account page
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Directoryand thenUsers.
  3. In the Users list, find the user. If you need help, go to Find a user account.
  4. Click the user’s name to open their account page.
  5. Click Managed devices.
    Points out Managed devices link.
  6. To wipe a single device, point to the device and click Moreand thenWipe Account or Wipe Device.

    To wipe several devices at once, select the devices you want to wipe and click Moreand thenWipe Account or Wipe Device.

    If you’re not sure which option to choose, review Decide what to wipe from the device. Not all options may be available.

  7. (Optional) To remove factory reset protection when you're wiping an account for Android devices, check the Also remove factory reset device protection box.

    The device will no longer require the owner or admin to sign in after it’s reset.

  8. Click Wipe Account or Wipe Device to confirm.

    On the next sync, data is deleted and, if applicable, the device is reset. It usually takes a few minutes for the data to be removed from the device, but it might take up to 3 hours for some devices. The wipe continues if the devices go offline. When the wipe is complete, after the next sync the Admin console shows the device status as Wiped or Account Wiped.

    If the device isn't online, the Admin console shows the device status as Approved or Wiping. After the device is back online and the wipe is complete, the status updates to Wiped or Account Wiped.

    For information about the factory-reset process, see the device's documentation.

  9. (Optional) To cancel a device wipe, click Moreand thenCancel device wipe.
  10. (For Android devices) If the device is listed twice in the devices list, repeat the process for each entry. A device can be listed twice if the user adds more than one account to the device or if they add the same work account to their work profile and personal space.

In the Device list
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenDevices.
  3. To wipe a single device, point to the device and click Moreand thenWipe Account or Wipe Device.

    To wipe several devices at once, select the devices you want to wipe and click Moreand thenWipe Account or Wipe Device.

    If you’re not sure which option to choose, review Decide what to wipe from the device. Not all options may be available.

  4. (Optional) To remove factory reset protection when you're wiping an account for Android devices, check the Also remove factory reset device protection box.

    The device will no longer require the owner or admin to sign in after it’s reset.

  5. Click Wipe Account or Wipe Device to confirm.

    On the next sync, data is deleted and, if applicable, the device is reset. It usually takes a few minutes for the data to be removed from the device, but it might take up to 3 hours for some devices. The wipe continues if the devices go offline. When the wipe is complete, after the next sync the Admin console shows the device status as Wiped or Account Wiped.

    If the device isn't online, the Admin console shows the device status as Approved or Wiping. After the device is back online and the wipe is complete, the status updates to Wiped or Account Wiped.

    For information about the factory-reset process, see the device's documentation.

  6. (Optional) To cancel a device wipe, click Moreand thenCancel device wipe.
  7. (For Android devices) If the device is listed twice in the devices list, repeat the process for each entry. A device can be listed twice if the user adds more than one account to the device or if they add the same work account to their work profile and personal space.

Allow Android users to wipe their own device

Supported editions for this feature: Frontline Starter and Frontline Standard; Business Plus; Enterprise Standard and Enterprise Plus; Education Standard, Education Plus, and Endpoint Education Upgrade; Enterprise Essentials and Enterprise Essentials Plus; G Suite Basic and G Suite Business; Cloud Identity Premium. Compare your edition

Requires advanced mobile management

You can allow users to remotely wipe their own devices. When they wipe their device, the same data is removed as when an administrator chooses to wipe a device. For details, go to Decide what to wipe from the device.

Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile and endpointsand thenSettingsand thenAndroid.
  3. Click Generaland thenUser device wipe.
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Check the Allow Users to wipe their devices from My Devices box.
  6. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit.

To give your users details on how to remotely wipe their device, go to Remotely manage lost or stolen work devices.

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu