Erasing a Device

You can remotely wipe all content, settings, and apps from an iPad, iPhone, or Mac from your Jamf Now Devices page. The end-to-end erase process varies depending on the device type.

Special considerations for Mac:
  • In a slow internet environment, the erase process can take a long time, so be prepared before sending the command. For more information about reinstalling macOS, see the following article on Apple's support website: https://support.apple.com/HT204904.

  • The Mac must be logged in to the local account to receive and execute the Erase Device command from Jamf Now. If you do not know the password for the local account, the Recovery Key can be used to login. For more information, see If you forgot your Mac login password on Apple's Support website.

  • If you are sending an Erase Device command to a Mac with FileVault turned on, the computer needs to be logged in first. If you forgot your user password, you can use your FileVault Recovery Key to unlock the device. For a walkthrough of using your Recovery Key to unlock an Intel-based Mac, see the "Use the private key to unlock a user's startup disk" section of the following Apple Support article: support.apple.com/HT202385.

  • (Intel-based Macs only) As part of the erase process, you must create a six-digit PIN to unlock the Mac. Jamf Now does not store the Unlock PIN and will not be able to bypass the lock if the PIN is forgotten. We recommend saving the PIN in a secure place in case it is forgotten.

Requirements

The device to be erased must be enrolled with Jamf Now and have an internet connection.

Before sending the Erase Device command to a Mac, ensure that it is in a good state to be erased:

  • If FileVault is enabled on the Mac or if it is locked via Activation Lock, we recommend that you clear those settings before erasing it, or that you export device data to preserve the recovery key and Bypass Code.

  • The Mac must still be actively checking in with Jamf Now.

Warning:

If erasing a device that uses an eSIM, the Erase Device command will wipe the cellular plan data from the device. Your users should have a backup through iCloud or iTunes to prevent data loss.

If a device record is removed from Jamf Now's Devices inventory, the associated FileVault Key, Activation Lock bypass code, and anything entered in device Notes will be lost. Jamf recommends exporting device data before removing the device record of an erased or unenrolled device.

  1. Log in to Jamf Now.
  2. Select the device you want to erase.
  3. Click on the Action pop-up menu (•••) in the top-right corner and select Erase device.

    Screenshot of the Devices section, highlighting where to Erase a device in the pop-up menu.

  4. On the pop-up window, click Erase.

After an iPad or iPhone is erased, it is ready to be re-enrolled (Automated Device Enrollment is recommended). For more information, see Re-enrolling a Managed Device Using Automated Device Enrollment.

After a Mac is erased, depending on its hardware requirements, it may need to be reinstalled and rebooted in recovery mode, or it may restore to the factory settings. To verify hardware requirements, see Remote wipe on macOS with MDM from Apple Platform Deployment. After hardware-related requirements have been met, the Mac can be re-enrolled (Automated Device Enrollment is recommended). For more information, see Re-enrolling a Computer Using Automated Device Enrollment.