Completely separate the "Remove company data" and "Factory reset" buttons far enough apart to avoid accidental full device wipe.
Completely separate the "Remove company data" and "Factory reset" buttons far enough apart to avoid accidental full device wipe. Currently these buttons are right next to one another and it is very easy to accidentally perform a full device wipe (factory reset) on a user's personal device - losing all data, versus the intent of just wiping the company data. Consider putting the "Factory reset" button in the "..." more section -- away from the primary choices.
I would like to add to this, if there is a way to add in a business justification, or an attachment (such as an approval email) to do this action. All of our users have raised concerns with having a factory reset option.
This particular option is in fact lowering the adoption of Microsoft mobile apps such as Teams and SharePoint because as much as users want these apps, they don't want the factory reset option so easily available.
Adam Koselak commented
This is really a bigger problem than anyone actually thinks. You should not be able to factory reset a user's phone, only corp data.
I agree, this action should be a specific RBAC assignment. It is the single biggest question we have regarding full MDM on a BYO device. I'd love to be able to say that our helpdesk/support staff role can only issue company data wipes. Alternatively, you could grey out the option for Factory Reset if the device ownership is set to Personal.
I'd augment this request to require a different RBAC assignment so it can be locked down further, including a requirement for multi-person approval in the workflow to do a reset.
Otherwise, BYOD policies are just silly. Who would possibly allow their own personal device to be reset by any third party, no matter how beneficent their intentions are as stated in a paper policy?
There need to be separate controls for Reset Device and multiple levels of management (perhaps the Department Manager of the terminated employee, AND the HR Director, AND the IT Manager, all of whom must log on to Intune with their own accounts and affirmatively approve a BYOD full reset).
Otherwise, BYOD is a terrible risk to the employee and, at least in our company, will be DOA.
What employee would willingly offer up a personal device exposed to the risk that Intune permits today just to save its company the expense of providing corporate-owned devices (which would not have such complications)?
Additionally, please consider renaming the "Factory reset" button to something like "Full device wipe" or "Remove All Device Data".
Garrett Nelson commented
Otherwise, making the "are you sure" process a little harder to accidentally bypass would be good. For example, make it ask if you are really sure you want to do this, type the word wipe into the box below to confirm and click OK.