If a Device is Lost or Stolen

If a device that is protected by Endpoint Cloud is lost or stolen, you can:

  • Find the device

    If the device's Policy has Geolocation enabled, you can use Endpoint Cloud to find the device's last known location. The location is displayed in Endpoint Cloud in an embedded Google Map. This feature uses the device's wi-fi connections to identify the last known location, and so requires the device to be wi-fi enabled.

    To find out about geolocation, see Find Devices with Geolocation.

  • Revoke the device

    If the device's Policy has local encryption enabled, you can revoke the device. This can be a good choice if you suspect that a device has been lost, rather than has been stolen.

    With a revoke, you tell Endpoint Cloud to remotely remove the encryption certificate from the device. As soon as the Agent receives the instruction the certificate is removed and the encrypted data on the device cannot be accessed or used. So anyone using the device will be unable to access your data.

    You have the option to unrevoke later. The unrevoke will place the encryption certificate back on to the device so that it's encrypted data is available again.

    For more information, see:

  • Wipe the device

    You can use Endpoint Cloud to perform a "forensic wipe" of the device. The wipe securely removes the business data from the device. It involves a revoke of the encryption certificate and a series of deletions that remove the data and then re-wipe to remove any trace of your data.

    For more information, see Remotely Wipe a Device.


You can set Endpoint Cloud so that it automatically revokes a device if the device fails to connect to Endpoint Cloud within a certain time-frame.