To wipe your own device that you use for work or school, go here instead.
This feature is available with Cloud Identity Free and Cloud Identity Premium editions. Compare editions
If a managed device goes missing or a user leaves your organization, you can use Google Admin console to wipe work or school data from the device. Depending on the device platform, you can wipe a user’s work account, their work profile, or all data. Users can still access their work data on a computer, a web browser, or another authorized mobile device.
- If you use factory reset protection, before you wipe a device and reset it, ensure you can access an associated admin account. The account must be active, and never deleted or suspended and then restored.
- If you enable OEM unlock, factory reset protection doesn't activate.
System requirements
To wipe an account from a device
- Mobile devices must be managed (basic or advanced mobile management)
Note: For Android devices that meet all the following conditions, you can only wipe the device (not the account):
- Currently under basic mobile management but previously under advanced mobile management
- In Device Owner mode (company-owned devices and personal devices set up as “work only”)
- Managed with Android Device Policy
- Endpoints must be managed with Drive for desktop
To wipe a device
- Mobile devices (Requires advanced mobile management):
- Android devices with the Android Device Policy
- Device-enrolled iOS devices with a device policy profile
- Google Sync (Google Workspace only)
- Microsoft Windows 10 or 11 devices must be enrolled in Windows device management
Step 1: Decide what to wipe from the device
You can wipe all apps and data from a device or only from a work account. You can do the following actions:
- Wipe a device—If it’s a company-owned or personal device that’s lost or stolen. This option removes all work data and apps from the device. For Android devices that don’t have a work profile and device-enrolled iOS devices, it also removes personal data and apps.
- Wipe an account—If it’s a personal device and the user is leaving your organization.
How wipe works by platform or management type
AndroidThe data that's removed from a device depends on the device type:
|
Device type |
Wipe device | Wipe account |
|---|---|---|
|
Personal device with a work profile |
The user’s work profile is removed, which includes the work account and all apps and data associated with it. Personal data and apps remain on the device. |
Same as Wipe device |
|
Company-owned device (or a personal device the user sets as work only) |
The device is reset to its factory settings. All work and personal data is removed. |
The device is reset to its factory settings. All work and personal data is removed. Note: If the device is currently under basic mobile management but was previously under advanced mobile management, wiping the account isn’t supported and the only option is to wipe the device. |
The data that's removed from a device depends on how the user's work or school data syncs to the device and who owns the device:
| Device type | Wipe device | Wipe account |
|---|---|---|
| User-enrolled iOS device | Not available |
The work account, Google mobile device management configuration profile, and managed apps are removed. VPP licenses assigned to the device are revoked. Personal data and apps remain on the device. |
| Device-enrolled iOS device |
The device is reset to its factory settings. All work data, personal data, and apps are removed. |
The work account, Google mobile device management configuration profile, and managed apps are removed. VPP licenses assigned to the device are revoked. Personal data and apps remain on the device. |
| iOS device using iOS Sync for Google Workspace |
The device is reset to its factory settings. All work data, personal data, and apps are removed. |
The work account is removed. For devices under advanced mobile management, the Google mobile device management configuration profile and managed apps are also removed. Personal data and apps remain on the device. |
| Company-owned iOS device (supervised) |
The device is reset to its factory settings. All work data, personal data, and apps are removed. |
Same as the Wipe device column |
| iOS device using Google Sync for Google Workspace |
The device is reset to its factory settings. All work data, personal data, and apps are removed. |
Not available |
| Device type | Wipe device | Wipe account |
|---|---|---|
| Microsoft Windows 10 or 11 device enrolled in Windows device management |
The device is reset to its factory settings. All work and personal data is removed. |
Not available. However, if the device is enrolled in Windows device management, you can remove all settings pushed to the device by unenrolling the device. For details, go to Unenroll a device from Windows device management. |
Only option is Wipe account. Local Drive data is removed from the device and the user is signed out of Drive for desktop. Data is usually removed immediately from devices connected to the internet with Drive for desktop running.
Account wipe limitations:
- If the device isn’t connected to the internet, the user can still access the content that Drive for desktop makes available offline until the device syncs and gets the account wipe instruction.
- Only streamed content is removed when you wipe the account (or block the device). Mirrored content remains on the device. Tip: As an admin, you can control whether users can mirror files.
- On macOS devices, files with unsynced edits may remain on the device after an account wipe.
- Users can still sign in again if their account is active and can enter valid credentials. To block use of Drive for desktop on the device, block the device.
Step 2: If you have access to the device, manage accounts
If the device isn’t lost or stolen, and you have access to it:
- Make sure the user can access their work account:
- If they don’t know their password, you need to reset it. Reset the password before you wipe the device. If you don't, the user might need to wait at least 24 hours before they can sign back in to the device.
- If the account is suspended, you need to restore it. For details, go to Restore a suspended user.
- Make sure any administrators who have access to Android devices with factory reset protection can sign in. The accounts must be active for the admin to access the device after it’s wiped.
- Sign out and remove the work account before you wipe the device or account.
Step 3: Wipe a device or a work account from a device
To find the devices you want to wipe, go to the user's account page or the Devices list.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
- Go to Menu
Directory > Users.
- In the Users list, find the user. If you need help, go to Find a user account.
- Click the user’s name to open their account page.
- Click Managed devices.
-
To wipe a single device, point to the device and click More
Wipe Account or Wipe Device.
To wipe several devices at once, select the devices you want to wipe and click More
If you’re not sure which option to choose, review Decide what to wipe from the device. Not all options may be available.
-
(Optional) To remove factory reset protection when you're wiping an account for Android devices, check the Also remove factory reset device protection box.
The device will no longer require the owner or admin to sign in after it’s reset.
-
Click Wipe Account or Wipe Device to confirm.
On the next sync, data is deleted and, if applicable, the device is reset. It usually takes a few minutes for the data to be removed from the device, but it might take up to 3 hours for some devices. The wipe continues if the devices go offline. When the wipe is complete, after the next sync the Admin console shows the device status as Wiped or Account Wiped.
If the device isn't online, the Admin console shows the device status as Approved or Wiping. After the device is back online and the wipe is complete, the status updates to Wiped or Account Wiped.
For information about the factory-reset process, see the device's documentation.
- (Optional) To cancel a device wipe, click More
-
(For Android devices) If the device is listed twice in the devices list, repeat the process for each entry. A device can be listed twice if the user adds more than one account to the device or if they add the same work account to their work profile and personal space.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
To wipe a single device, point to the device and click More
To wipe several devices at once, select the devices you want to wipe and click More
If you’re not sure which option to choose, review Decide what to wipe from the device. Not all options may be available.
-
(Optional) To remove factory reset protection when you're wiping an account for Android devices, check the Also remove factory reset device protection box.
The device will no longer require the owner or admin to sign in after it’s reset.
-
Click Wipe Account or Wipe Device to confirm.
On the next sync, data is deleted and, if applicable, the device is reset. It usually takes a few minutes for the data to be removed from the device, but it might take up to 3 hours for some devices. The wipe continues if the devices go offline. When the wipe is complete, after the next sync the Admin console shows the device status as Wiped or Account Wiped.
If the device isn't online, the Admin console shows the device status as Approved or Wiping. After the device is back online and the wipe is complete, the status updates to Wiped or Account Wiped.
For information about the factory-reset process, see the device's documentation.
- (Optional) To cancel a device wipe, click More
- (For Android devices) If the device is listed twice in the devices list, repeat the process for each entry. A device can be listed twice if the user adds more than one account to the device or if they add the same work account to their work profile and personal space.
Allow Android users to wipe their own device
This feature is available with Cloud Identity Premium edition. Compare editions
Requires advanced mobile management
You can allow users to remotely wipe their own devices. When they wipe their device, the same data is removed as when an administrator chooses to wipe a device. For details, go to Decide what to wipe from the device.
Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
Go to Menu
Devices > Mobile and endpoints > Settings > Android.
Requires having the Services and devices administrator privilege.
- Click General
- (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
- Check the Allow Users to wipe their devices from My Devices box.
-
Click Save. Or, you might click Override for an organizational unit.
To later restore the inherited value, click Inherit.
To give your users details on how to remotely wipe their device, go to Remotely manage lost or stolen work devices.
Related topics
- Block access to your Google service on a lost device
- Sign users out from computers
- Android encryption methods
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.