This guide applies to all device platforms
About Device Erase
You can use the Erase Device command on macOS, iOS, iPadOS, tvOS, visionOS, Windows, and Android devices. For Apple devices, this command doesn’t require supervision.How It Works
The Erase Device command permanently removes all data and settings from a device, returning it to factory defaults. The command is delivered through the platform’s MDM framework and executes when the device is online or queued for offline devices.Platform-Specific Erase Information
- Apple Devices
- Windows
- Android
Erase Apple Devices
1
Navigate to Device Record
Navigate to the Device Record in the Iru Web App.
2
Open Device Action Menu
Open the Device Action Menu (ellipsis).
3
Select Erase Device
Select Erase Device.
4
Configure Erase Options
In the confirmation dialog, review the erase details. For iOS and iPadOS 17+ devices, you can select Return to Service and provide a valid WiFi profile if desired.
5
Confirm Erase
Type
ERASE in the confirmation field and click Erase Device to send the command.The erase command will remove all data and settings from the device, returning it to factory defaults.
Apple Device Considerations
- Supervision not required - Erase commands work on both supervised and unsupervised devices
- Immediate execution - Commands are sent via MDM and execute when the device is online
- Data recovery - All data will be permanently deleted and cannot be recovered
- eSIM preservation - eSIM-based cellular plans are automatically preserved when using the Iru Web App
Apple Erase Behavior
macOS Erase Behavior
Depending on the macOS version and hardware support, different erase behaviors will occur:Erase All Content and Settings (EACS)
- Apple Silicon Macs (macOS 12+): Performs EACS
- Intel Macs with T2 (macOS 12+): Performs EACS
- Fallback: If EACS fails, device reverts to obliteration behavior
Obliteration Behavior
- Apple Silicon Macs (macOS 11 and earlier): Obliteration without PIN
- Intel Macs with T1/No security chip (macOS 12+): Obliteration with 6-digit PIN
- Intel Macs with T1/No security chip (macOS 11 and earlier): Obliteration with 6-digit PIN
A 6-digit PIN is automatically generated and available on the device record once the device receives the command. Erase device PINs are not supported on Mac computers with Apple silicon.
iOS and iPadOS Erase Behavior
- Erase All Content and Settings: Device restarts and presents Setup Assistant
- Not a full system restore: Device will not be updated to the latest version
- eSIM preservation: Cellular plans are automatically preserved when using the Iru Web App
Return to Service (iOS/iPadOS 17+)
When erasing iOS or iPadOS 17+ devices, you can select Return to Service which:- Automatic setup: Device proceeds through Setup Assistant to home screen without user intervention
- Auto re-enrollment: Device automatically re-enrolls into Iru after erasure
- WiFi configuration: Automatically joins WiFi network from selected Library Item
- Ethernet support: Works with tethered Ethernet connections (kiosks) without WiFi profile
tvOS and visionOS Erase Behavior
- tvOS: Initiates a Reset, device reboots and presents Setup Assistant
- visionOS: Initiates Erase All Contents and Settings
EACS Requirements
- Bootstrap token required: EACS will fail if no bootstrap token is escrowed
- Recommended method: Use Iru Web App rather than local Erase Assistant for better results
- Auto Advance preparation: Properly prepares Mac for re-enrollment using Auto Advance
Legacy Firmware Passwords
Erase Command Execution
Command Delivery
- MDM Channel: Erase commands are delivered through the platform’s MDM framework
- Immediate Delivery: Commands are sent immediately when the device is online
- Queue for Offline Devices: Commands are queued and delivered when the device comes online
Execution Timeline
Online Devices
Commands execute within minutes of being sent for devices that are currently online.
Offline Devices
Commands are queued and will execute when the device next connects to the internet.