Deprovisioning is the process of removing a device from management. This is necessary when a device is disposed of or when an employee leaves a company and company data needs to be removed from a personally-owned device.
There are four methods for deprovisioning a device and wiping company data:
- WIPE command
- RELINQUISH_OWNERSHIP command
enterprises.devices.deletemethodenterprises.deletemethod
WIPE command
This method triggers company-owned devices to factory reset and personally-owned
devices to delete the work profile. Call enterprises.devices.issueCommand
with type = WIPE, or provide a wipeParams
object. The wipeParams object can specify how to treat Factory Reset
Protection (FRP) data, external storage and eSIMs during the wipe. You can
provide a set of localized messages to display to users of personally-owned
devices to explain the work profile deletion using wipeParams.wipeReason.
The command can be tracked
and cancelled
until it is acknowledged by the device or it expires.
After the device confirms the completion of the WIPE command to the server, the
device record is deleted.
RELINQUISH_OWNERSHIP command
This method is used when a company-owned, personally-enabled device is converted
to a personally-owned device. It deletes the work profile from the device and
removes the device from management. Any data or apps in the personal profile of
the device are preserved. Any PersonalUsagePolicies
that were set by the EMM are removed.
The device record is deleted after this action.
enterprises.devices.delete method
Calling enterprises.devices.delete
immediately deletes the device record.
The server sends a wipe instruction to the device. For company-owned devices,
this triggers a factory reset. For personally-owned devices, this deletes the
work profile. However, if the device is offline when enterprises.devices.delete
is called and remains offline for more than 30 days, the wipe instruction won't
reach the device, and company data will remain.
Because data wiping is not guaranteed with this method, it is recommended only when data must be removed from Google servers within a specific timeframe, such as when a company requests the EMM to immediately delete all company data.
enterprises.delete method
For EMM-managed enterprises, the EMM can call enterprises.delete,
which deletes the enterprise record and all associated device records. This has
the same effect as calling enterprises.devices.delete
on each device within the enterprise.
For customer-managed enterprises, this method is not supported. Instead, the IT admin can delete the enterprise using the Google Admin console or the Google Play Console.