There are a few ways to wipe corporate email off a personal phone when someone leaves. One way is to enroll the device in Endpoint Manager and then use selective wipe to remove the email. However, as you mentioned, this is not possible if the device is not a managed device.
Another way to wipe corporate email off a personal phone is to use app protection policies. App protection policies allow you to control how users can access corporate data on their personal devices. For example, you can create an app protection policy that prevents users from accessing corporate data from any app other than Outlook. This will prevent users from accessing corporate email from any other app, including the native mail app on their phone.
If you want to allow users to access corporate email from the native mail app on their phone, you can create an app protection policy that requires users to enter their corporate credentials before they can access corporate data. This will prevent users from accessing corporate email without first authenticating with their corporate credentials.
Once you have created an app protection policy, you can assign it to users or groups. When a user or group is assigned an app protection policy, they will be prompted to install the app protection policy when they next open Outlook. Once the app protection policy is installed, users will be required to enter their corporate credentials before they can access corporate data.
If a user leaves the company, you can revoke their access to corporate data by removing them from the app protection policy. This will prevent them from accessing corporate email from Outlook or any other app.
Here are the steps to create an app protection policy in Endpoint Manager:
- In the Endpoint Manager console, go to Devices > All Devices.
- Select the device that you want to create an app protection policy for.
- Click App Protection Policies.
- Click Create Policy.
- In the Name field, enter a name for the app protection policy.
- In the App field, select Outlook.
- In the Allowed Apps section, select the apps that you want users to be able to use to access corporate data.
- In the Blocklisted Apps section, select the apps that you want to block users from using to access corporate data.
- In the Required Authentication section, select whether you want users to be required to authenticate with their corporate credentials before they can access corporate data.
- Click Create.
Once you have created the app protection policy, you can assign it to users or groups. To assign the app protection policy to users or groups, follow these steps:
- In the Endpoint Manager console, go to Devices > All Devices.
- Select the device that you want to assign the app protection policy to.
- Click App Protection Policies.
- Select the app protection policy that you want to assign.
- Click Assign.
- In the Assign To section, select the users or groups that you want to assign the app protection policy to.
- Click Assign.
Once you have assigned the app protection policy to users or groups, they will be prompted to install the app protection policy when they next open Outlook. Once the app protection policy is installed, users will be required to enter their corporate credentials before they can access corporate data.