Using IT administration commands to
protect a lost or stolen device
The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to
protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work
data, permanently delete user information and application data, and return the device settings to the default values.
IT administration command
Description
Specify new device password and lock
device
This command creates a new password and locks a device over the wireless
network. You can communicate the new password to the user verbally when the
BlackBerry device user locates the device. When the user unlocks the device,
the device prompts the user to accept or reject the new password.
You can use this command if the device is lost. If you or a user turned on content
protection and a device is running BlackBerry Device Software 4.3.0 or later,
you can use this command. If you or a user turned on two-factor content
protection, you cannot use this command.
Delete only the organization data and
remove device
This command permanently deletes all work data that the device stores and
removes the device from the BlackBerry Enterprise Server. All personal data
remains on the device.
You can send this command to a personal device when a user no longer works at
your organization and you want to delete work data from the device.
You can also specify whether you want to delete or disable a user account from
the BlackBerry Enterprise Server after the device deletes all work data.
Delete all device data and remove
device
This command permanently deletes all user information and application data
that the device stores. You can configure the following options when you use this
command:
• specify a delay, in hours, that must occur before the device starts to delete
all the user information and application data
• require the device to return to its factory default settings when it receives
this command
• specify whether to permit the user to stop permanently deleting data from
the device and making the device unavailable during the delay period
You can send this command to a device that you want to distribute to another
user in your organization, or to a device that is lost and that the user might not
recover.
Administration Guide
Protecting and redistributing devices
278