I'm curious about the security implications of using Intune's Remote Wipe feature. I understand that Remote Wipe doesn't completely secure erase data since it doesn't overwrite it. For example, if a device is encrypted with BitLocker, does executing a Remote Wipe pose any vulnerabilities if the TPM isn't cleared? From my experience, the process requires user interaction to clear the TPM. If an adversary has the device, they likely wouldn't want to clear the TPM when prompted, right? What state would the device be left in after a Remote Wipe, and what are the risks or potential loopholes? Could someone extract the BitLocker keys under these circumstances?
5 Answers
If you’re worried about data security, consider setting up a startup PIN for BitLocker. It adds an extra layer of protection against unauthorized access.
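Added example, not posted by anyone in this thread: an elevated PowerShell script that reports which key protectors the OS volume has (a TPM-only protector is the case the question worries about, since the TPM releases the volume key at boot without any user secret) and, if you choose, replaces it with a TPM+PIN protector as this answer suggests. It uses the standard BitLocker cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector); the function names and the assumption that the "Require additional authentication at startup" policy is already enabled (UseAdvancedStartup under HKLM\SOFTWARE\Policies\Microsoft\FVE) are this example's own.

```powershell
# Example code added for this thread, not from the original answer.
# Assumes Windows 10/11 with the BitLocker module, run from an elevated prompt,
# and a policy that permits a TPM+PIN protector. Function names are hypothetical.

function Get-BitLockerProtectorReport {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus   # On / Off
        VolumeStatus        = $vol.VolumeStatus       # FullyEncrypted, EncryptionInProgress, ...
        ProtectorTypes      = ($types -join ', ')
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        # TPM-only: the TPM unseals the key on every clean boot, so whoever holds
        # the device reaches the sign-in screen with the volume already unlocked.
        TpmOnly             = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')
    }
}

function Set-BitLockerTpmAndPin {
    param(
        [Parameter(Mandatory)][securestring]$Pin,
        [string]$MountPoint = $env:SystemDrive
    )

    $report = Get-BitLockerProtectorReport -MountPoint $MountPoint

    # Never swap protectors without a recovery password on the volume; a failed
    # enrolment would otherwise leave no way back in.
    if (-not $report.HasRecoveryPassword) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        Write-Warning "Added a recovery password protector; escrow it (e.g. BackupToAAD-BitLockerKeyProtector) before relying on it."
    }

    # The policy value that gates TPM+PIN; Add-BitLockerKeyProtector fails without it.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $adv = (Get-ItemProperty -Path $fve -Name UseAdvancedStartup -ErrorAction SilentlyContinue).UseAdvancedStartup
    if ($adv -ne 1) {
        throw "Policy 'Require additional authentication at startup' is not enabled ($fve\UseAdvancedStartup)."
    }

    $vol     = Get-BitLockerVolume -MountPoint $MountPoint
    $tpmOnly = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })

    # Remove the TPM-only protector, then add TPM+PIN. The volume stays encrypted
    # throughout; if the add fails, put the TPM protector back so the device still boots.
    foreach ($p in $tpmOnly) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    try {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    }
    catch {
        if ($tpmOnly.Count -gt 0) {
            Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
        }
        throw
    }

    Get-BitLockerProtectorReport -MountPoint $MountPoint
}

# Usage (interactive, elevated):
#   Get-BitLockerProtectorReport
#   Set-BitLockerTpmAndPin -Pin (Read-Host -AsSecureString 'Startup PIN')
```

Run the report first on a fleet sample: a result of TpmOnly = True with ProtectionStatus = On is exactly the state in which a lost device boots to the sign-in screen with the volume unlocked, whether or not a wipe command ever reaches it. Adding the PIN is what makes the TPM refuse to unseal the key to someone who only has the hardware.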
Intune remote wipe is mainly for preventing access to data by employees, not necessarily for thwarting more advanced threats like nation-state actors.
I've seen remote wipe attempts fail on PCs. Once, it started but didn’t finish, leaving everything intact. Another time, it ended in a half-baked state where I couldn’t even log in as an admin without going through recovery mode. It’s not foolproof for sure.
If an adversary has the device, they probably won't let it connect to the internet, so they would miss any remote wipe commands completely. The purpose of a TPM is to protect access to decryption keys. BitLocker isn’t just for compliance; it actively secures your data against theft.
Anyone skilled enough to hack a TPM would definitely know to isolate the device from the network. Without that connection, remote wipes won’t work, making this concern a bit moot.

So you're saying all government agencies can just bypass BitLocker? That’s a bold claim!