{"id":108708,"date":"2024-04-11T10:00:18","date_gmt":"2024-04-11T14:00:18","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=108708"},"modified":"2024-04-12T16:46:59","modified_gmt":"2024-04-12T20:46:59","slug":"understand-the-erase-device-mdm-command","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command","title":{"rendered":"Understand the Erase Device MDM Command"},"content":{"rendered":"\n

The Erase Device command is available as a JumpCloud Security Command for MDM Enrolled macOS and Device MDM Enrolled iOS devices. See MDM Commands<\/a> to learn more about these commands.<\/p>\n\n\n\n

This command can be used in the event of loss or theft of a device to securely erase its contents and ensure they are unrecoverable. Due to the severity of this command, you must enter a PIN as part of the process for macOS devices. <\/p>\n\n\n\n

<\/p><\/div>

Warning:<\/strong> \n

JumpCloud doesn’t retain the PIN used to erase macOS devices and cannot recover it. It is critical that you record the PIN used to erase the macOS device. If you don’t have the PIN, you won’t be able to unlock the device and will need to contact Apple for service to unlock it.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

macOS Devices<\/h2>\n\n\n\n

When you run the erase device command on a macOS device, the expected result depends on the type of device being erased (Intel-based or Apple Silicon Mac), and the version of macOS installed on the device.<\/p>\n\n\n\n

\"\"<\/p>\n\n\n\n

Intel-based without a T2 security coprocessor<\/h3>\n\n\n\n

The Erase Device command performs an \u201cobliteration\u201d of the current system and user data volumes, requiring a full reinstallation of macOS. The command PIN code is used as a security measure along with erasing the device. It places a device-lock on the target device which requires clearing two PIN prompts: a \u201cfirmware\u201d style lock, and<\/em> a \u201cdevice lock\u201d style screen. Both screens are cleared using the PIN provided by the Erase command.<\/p>\n\n\n\n

\u201cFirmware\u201d style lock (1st Screen):
\"\"<\/p>\n\n\n\n

Device lock (2nd Screen):
\"\"<\/p>\n\n\n\n

Intel-based with T2 security coprocessor, or Apple Silicon – macOS 11 and earlier<\/h3>\n\n\n\n

The Erase Device command performs an \u201cobliteration\u201d of the current system and user data volumes, requiring a full reinstallation of the macOS. The PIN portion of the payload is ignored, with the device relying on Activation Lock for additional security.<\/p>\n\n\n\n

Intel-based with T2 security coprocessor, or Apple Silicon – macOS 12 and later<\/h3>\n\n\n\n

The Erase Device command performs an Erase All Contents and Settings (EACS), and fall back to \u201cobliteration\u201d if it encounters a failure. EACS only erases the user-data volume, returning the device to an “out-of-box” experience. This prevents the need a reinstalling macOS on the device. The PIN portion of the payload is ignored, relying instead on Activation Lock for additional security.<\/p>\n\n\n\n

iOS Devices<\/h2>\n\n\n\n

Using the Erase Device command on iOS devices doesn’t prompt for a PIN as it isn’t used on the device. A random PIN is supplied due to MDM command requirements, so a PIN hash is found in the MDM command history but it is always ignored by iOS devices.
\"\"<\/p>\n\n\n\n

The device performs an EACS process, returning it to an \u201cout-of-box\u201d experience. Any eSIM configurations are wiped once the device clears activation with Apple, unless a specific payload to preserve the eSIM has been deployed (requires iOS 17.3 and ADE enrollment\/supervision state).<\/p>\n","protected":false},"excerpt":{"rendered":"

The Erase Device command is available as a JumpCloud Security Command for MDM Enrolled macOS and Device MDM Enrolled iOS […]<\/p>\n","protected":false},"author":218,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,3136,2995,3127],"support_tag":[3160],"coauthors":[3011],"acf":[],"yoast_head":"\nUnderstand the Erase Device MDM Command - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understand the Erase Device MDM Command\" \/>\n<meta property=\"og:description\" content=\"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-12T20:46:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"nickconrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command\",\"url\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command\",\"name\":\"Understand the Erase Device MDM Command - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg\",\"datePublished\":\"2024-04-11T14:00:18+00:00\",\"dateModified\":\"2024-04-12T20:46:59+00:00\",\"description\":\"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg\",\"width\":1216,\"height\":1000,\"caption\":\"The confirmation modal requesting a PIN that appears when using the erase device command on an Mac device.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Understand the Erase Device MDM Command\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understand the Erase Device MDM Command - JumpCloud","description":"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command","og_locale":"en_US","og_type":"article","og_title":"Understand the Erase Device MDM Command","og_description":"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.","og_url":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command","og_site_name":"JumpCloud","article_modified_time":"2024-04-12T20:46:59+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"nickconrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command","url":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command","name":"Understand the Erase Device MDM Command - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg","datePublished":"2024-04-11T14:00:18+00:00","dateModified":"2024-04-12T20:46:59+00:00","description":"Learn how the JumpCloud Erase Device MDM Command works with various Apple device types.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/04\/mdm_erase_device_command_confirmation_modal.jpg","width":1216,"height":1000,"caption":"The confirmation modal requesting a PIN that appears when using the erase device command on an Mac device."},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/understand-the-erase-device-mdm-command#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Understand the Erase Device MDM Command"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/108708"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/218"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/108708\/revisions"}],"predecessor-version":[{"id":108783,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/108708\/revisions\/108783"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=108708"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=108708"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=108708"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=108708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}