RemoteWipe CSP

The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.

Windows edition and licensing requirements

The following table lists the Windows editions that support Remote wipe:

Windows Pro Windows Enterprise Windows Pro Education/SE Windows Education
Yes Yes Yes Yes

Remote wipe license entitlements are granted by the following licenses:

Windows Pro/Pro Education/SE Windows Enterprise E3 Windows Enterprise E5 Windows Education A3 Windows Education A5
Yes Yes Yes Yes Yes

For more information about Windows licensing, see Windows licensing overview.

The following list shows the RemoteWipe configuration service provider nodes:

AutomaticRedeployment

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1809 [10.0.17763] and later
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment

Node for the Autopilot Reset operation.

Description framework properties:

Property name Property value
Format node
Access Type Get

AutomaticRedeployment/doAutomaticRedeployment

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1809 [10.0.17763] and later
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/doAutomaticRedeployment

Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Microsoft Entra ID and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

AutomaticRedeployment/LastError

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1809 [10.0.17763] and later
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/LastError

Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).

Description framework properties:

Property name Property value
Format int
Access Type Get
Default Value 0

AutomaticRedeployment/Status

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1809 [10.0.17763] and later
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/Status

Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.

Description framework properties:

Property name Property value
Format int
Access Type Get
Default Value 0

doWipe

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1511 [10.0.10586] and later
./Device/Vendor/MSFT/RemoteWipe/doWipe

Exec on this node will perform a remote wipe on the device. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.

A remote reset is equivalent to running Reset this PC > Remove everything from the Settings app, with Clean Data set to No and Delete Files set to Yes. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipeCloud

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/RemoteWipe/doWipeCloud

Exec on this node will perform a cloud-based remote wipe on the device. The return status code shows whether the device accepted the Exec command.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipeCloudPersistProvisionedData

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistProvisionedData

Exec on this node will back up provisioning data to a persistent location and perform a cloud-based remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipeCloudPersistUserData

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 11, version 22H2 [10.0.22621] and later
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistUserData

Exec on this node will perform a cloud-based remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipePersistProvisionedData

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1511 [10.0.10586] and later
./Device/Vendor/MSFT/RemoteWipe/doWipePersistProvisionedData

Exec on this node will back up provisioning data to a persistent location and perform a remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.

Provisioning packages are persisted in %SystemDrive%\ProgramData\Microsoft\Provisioning directory.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipePersistUserData

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1709 [10.0.16299] and later
./Device/Vendor/MSFT/RemoteWipe/doWipePersistUserData

Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.

This setting is equivalent to selecting Reset this PC > Keep my files when manually starting a reset from the Settings app.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

doWipeProtected

Scope Editions Applicable OS
✅ Device
❌ User
✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC
✅ Windows 10, version 1703 [10.0.15063] and later
./Device/Vendor/MSFT/RemoteWipe/doWipeProtected

Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it's done.

Note

Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Exec

Configuration service provider reference