RemoteWipe CSP
The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
Windows edition and licensing requirements
The following table lists the Windows editions that support Remote wipe:
| Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
|---|---|---|---|
| Yes | Yes | Yes | Yes |
Remote wipe license entitlements are granted by the following licenses:
| Windows Pro/Pro Education/SE | Windows Enterprise E3 | Windows Enterprise E5 | Windows Education A3 | Windows Education A5 |
|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes |
For more information about Windows licensing, see Windows licensing overview.
The following list shows the RemoteWipe configuration service provider nodes:
- ./Device/Vendor/MSFT/RemoteWipe
AutomaticRedeployment
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment
Node for the Autopilot Reset operation.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Get |
AutomaticRedeployment/doAutomaticRedeployment
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/doAutomaticRedeployment
Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Microsoft Entra ID and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
AutomaticRedeployment/LastError
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/LastError
Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Get |
| Default Value | 0 |
AutomaticRedeployment/Status
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/Status
Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Get |
| Default Value | 0 |
doWipe
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1511 [10.0.10586] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipe
Exec on this node will perform a remote wipe on the device. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.
A remote reset is equivalent to running Reset this PC > Remove everything from the Settings app, with Clean Data set to No and Delete Files set to Yes. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipeCloud
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipeCloud
Exec on this node will perform a cloud-based remote wipe on the device. The return status code shows whether the device accepted the Exec command.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipeCloudPersistProvisionedData
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistProvisionedData
Exec on this node will back up provisioning data to a persistent location and perform a cloud-based remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipeCloudPersistUserData
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 22H2 [10.0.22621] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistUserData
Exec on this node will perform a cloud-based remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipePersistProvisionedData
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1511 [10.0.10586] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipePersistProvisionedData
Exec on this node will back up provisioning data to a persistent location and perform a remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
Provisioning packages are persisted in %SystemDrive%\ProgramData\Microsoft\Provisioning directory.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipePersistUserData
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipePersistUserData
Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
This setting is equivalent to selecting Reset this PC > Keep my files when manually starting a reset from the Settings app.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |
doWipeProtected
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ❌ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/RemoteWipe/doWipeProtected
Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it's done.
Note
Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Exec |