Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Lost & Stolen Device Management with Ivanti MDM

Ivanti
04/06/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


are going to have a look at how we mitigate threats when a device goes walking. So if a device is lost, if a device is stolen, how we mitigate those threats, how we fix it, and not just from a technical perspective, which Ash will walk us through, but also from a process perspective. Who needs to know that a high-priority device has gone missing? Whether there's data that needs protecting, what controls, what part of the business needs to know that a device with sensitive data has gone walkabout, how we walk that through a process that contacts every part of the business that needs to know. Why is this important? Every individual has a device. A lot of individuals have multiple devices, and they will bring them to work. They could be issued by the employer, or it could be bring your own device, where we bring our own devices and roll them into an MDM solution. But what happens if they're stolen? What happens if my device gets lost? How do I mitigate those risks? We need to be able to control the sensitive data on those devices, access to applications, access to data. We need to be able to enforce some rules and make sure that that data is safe. I also need to make sure that my security posture is maintained, so different parts of the business need to know immediately that there is a threat to our security posture. If a device has gone missing, could be stolen, we don't know at this point in time, but there's lots of different areas of the business that need to know. First of all, the service desk. They may get a ticket coming in saying, hey, I've lost my device. Can you please help me? This could be provisioning a new device. It could be locking it, but the service desk is the first point of contact. We're going to talk to IT operations, and this is where Ash will go into some details about how we can interact with IT operations. We can look at how we can control applications on the device if we need to, but also wipe the device and secure that device. It could have sensitive data on it. It could be a high-priority device that someone high up in the company owns. The asset management team needs to know. Obviously, an asset has been lost. They need to update their records and take appropriate actions. Procurement and finance, we may need to purchase a new device. Legal team, again, depending on who has lost this device, in some cases could be a high-profile employee or a position of power. We need to get some insights and advice from the legal team. Security operations need to know, again, that there's an incident around a security posture. They will have an appropriate process that they need to follow and work through. And our risk and compliance team, again, we adhere to regulations. We adhere to controls. The building management team, this is an unusual one, but some organizations have smart apps on their phones that allow them to enter the building using their mobile phone as opposed to a plastic card, a physical card that they may use. So if your phone has gone missing, potentially our building access is potentially not secure. So we could have people coming into the building who shouldn't be there. And finally, maybe you want to talk to HR and training. Maybe this person has lost the device numerous times. Maybe there's a trend of not adhering to the corporate legislation, the guidelines, et cetera. So maybe we need to give them some training. Maybe we need to give them some advice. So I'm going to walk through quickly a process where we bring in an incident. And we can log an incident very quickly. And in this case, it's going to be someone has lost their phone. So Graham has logged a ticket. The service does let them know that his phone has been lost. It's simply going to put phone lost. I've lost my phone. Please help. And we're going to put that under the now security operations. And lost stolen equipment. We're going to mark as high priority. We're going to maybe send that to the security team. And I can pick that up. So we've logged that ticket. And that could be over the phone. It could be through email. It could be through the portal or some other method. But we have logged a ticket. I also want to link the customer's asset, which is their iPhone. This is the asset that's been lost. So now I've got a ticket ready to go. Now, a few things are going to happen with this ticket. One is I can see a number of tasks have appeared. So as we said before, and we looked at that wheel of business units that need to be contacted, I can see that we've logged a ticket with the building security team, our facilities team, legal team, purchasing, asset management, and operations team. So, again, we have created some tasks or the tickets with context about what they need to do. We've actually assigned one straightaway to an individual to say you need to remove access to these systems because they used their phone for multi-factor authentication. So, again, trying to reduce the impact from a security perspective. I've also logged a HR case. So, again, potentially training needed. We know there are VIP status. I can't see this ticket. It's in HR case management, but I just get a quick overview of this ticket. It's been logged and it's been sent to them, and they can pick that up and do whatever they need to do with it. The other thing is we have linked the device. So if I go and have a look at this device, we can get all the information from it. Again, we could be feeding in from the MDM solution to get all the information about that phone, but, again, it's a two-way street. I can actually interact with that device as well. Now, what the asset management team may do is mark it as stolen. If I save that, you can see it's been marked as stolen. And I can see some options here. Lock the asset, restart the asset, return asset to service, send a message, and wipe the asset. So, again, I can now, as well as receiving information from the MDM solution to populate the attributes and information about that phone, I can push requests to the MDM solution and say, hey, I want to wipe that asset or I want to lock that asset. So this could be part of my process when we have a lost or stolen phone. So I could hit that, wipe the asset. Warning, this action will wipe the mobile phone. This action is irreversible. Click OK to continue. I'm not going to do that now. And, again, I could also lock the asset. Warning, this action will lock the mobile phone. Click OK to continue. So I may want to lock it for now. Just make sure that someone can't use it. And we can go through the path of resetting or wiping that device further down the track as we need to. Now, at that point, you can see the processes have been initiated. And we'll have a look at some other processes when Ash finishes his demo. But what we've done is we've let a lot of parts of the business know there's a problem. And they can take up what they need to do. We don't have to go around and phone them, e-mail them, and hope that somebody follows the process. The process has been automated for us. And also the interaction with the phone itself via the integration with MDM. So with that, I'll hand over to Ash, and he'll have a look at how we can interact with that phone. We'll have a look at potentially looking at blocking some apps, first of all, and then how we wipe that device nice and quickly. So from here, I can run it automatically. Ash will show us how he can do it manually as well. Thanks, Kieran. So here we have an iPad, the iPad. We can see we've got some apps installed, registered and rolled in the Binding Neurons for MDM. We have the console there, the Binding Neurons for MDM console. And we can see the actual devices in here go into the device. This is the actual iPad here. You can see it's last checked in not long ago. We can see some installed apps. So the scenario is we've had a PSPF come out and said, we need to remove an app. And that app is TikTok. And we can see TikTok is there on the device. So we can remove that app quite simply and easily through the console. So we can find TikTok here. And we can see that's installed and it's managed. So we have full control over that. And we have our actions where we can distribute or exclude. So we're going to exclude straight away. So we've put TikTok into our system and taken ownership of that app if it got installed. And that enables us to get rid of this app. So we'll do some check-ins. We can go have a look at a few other things whilst this is happening. We can see all our config that we've pushed the device. So this is everything infrastructure-related. Everything that all the data that you want the user to have access to, we've pushed down those configs, those apps, those settings. They're all on there. And we can see on the right here TikTok has now been removed. And that literally took a few seconds to do and a few clicks to get that app off the device. So we have the ability as well through our mobile threat defense integration, which we've activated here quite easily through just one config. We can see in the mobile threat defense console that we have a device here. And we can see it has a normal risk posture. So we actually click on that and we can see the related threats and the history of related threats. So we can see we had one elevated threat and that was resolved. And yeah, it was a device pin. So it didn't have a pin code on the device. So very in-depth, detailed timeline history of threats that are happening on the device. We can see we removed TikTok from the device through a direction. And because in this scenario this device has been lost, we can actually click in here quite easily and wipe or retire the device. So if we were to retire the device, we would only remove the enterprise data from the device and the device would still stay there. We can actually wipe the device as well. We have the ability to also return to service. As Kieran demonstrated before, we can return that device to service so it doesn't have to be fully wiped. We can keep access to the apps and data and we keep the Wi-Fi payload so we can select a Wi-Fi profile there. But in this example, we really want to make sure that this device is not going to be compromised and not compromise that building access as well. So we're going to fully wipe the device. And because this is enrolled in Apple Business Manager using the device enrollment program, it is tied to the organisation anyway, but it'll just become effectively a brick to anyone else other than the organisation's employees. So we'll click on a wipe. And we can see within seconds that the device will start shutting down and erasing all that enterprise data. There we go. So the device has now been wiped. Go back to the device list. We can see that status is wiped. So it means that the command has been received by the device and that literally took a few seconds to do. So back over to you, Kieran, to take us through what we just saw. Yep. So before we close that, I'm just going to go through the security operations and the risk compliance piece as well. So you saw we had those tasks assigned to various parts of the business. We saw legal, asset management, facilities, HR all sort of notify the dissident and take on what they need to do out of their own individual processes. We're also going to talk to the security team. So we automatically create a security incident. If I look at the security incident, I can see all the relevant information, who is the customer, the summary that we've taken from the incident itself, again, service and category we've taken across. We've assigned this to the security team, and we have an owner. So Aileen has picked this up. There's a task come in immediately as well to look at whether it's sensitive or confidential information that is involved with this device. So, again, they can pick that up and mark it as confidential as well. I'll say we have sensitive data. So, again, you can start to update and classify this security instance as you need to. We can see where the original incident came from. So that's with the service desk itself. And, again, we can start to go through that process to sort of understand the incident and make sure we can close it off and make sure any mitigation actions are taken care of. I can see the asset as well, which will currently be marked as stolen, which you can see here. So all the information is made available. They're not guessing about any of the information. It's all presented to them as part of an integrated holistic process across the business. I've also created a risk. So why do we want to talk to the risk and compliance team? Security operations are doing their piece, but now risk and compliance need to be involved as well. So I can see here we've got a risk, and I'll just look at my list of active risks here, and I can see 7234 has been created as well. So this is kind of our risk register that our risk and compliance team would work from. And I click into this. Again, it's a slightly different screen. It changes and tailors to the persona who's looking at the relevant data or looking at it from their perspective. And now I can start to classify this risk. Now, the important thing about the risk is not just a risk on its own, and it's in isolation, but how it relates to more holistic business processes, things around controls. We'll have a lot of controls in place that need to be adhered to to support larger compliance and regulations, things like ISO or APRA, HIPAA, GDPR, et cetera. These controls are in place to help us adhere to them. So if a phone goes missing, there's a lot that could impact these controls. So we need to look at these controls and understand what's potentially impactful. So the encryption for passwords, that may be something to do with. SSO definitely. The physical security. We talked about the phone being used as a digital building card to get in and out of buildings, so definitely that might be an issue of security offices, et cetera. Electronic messaging, obviously, part of the phone. Accessible use of mobile devices. So suddenly there's a whole list of controls that are potentially impacted. And if you go to one of these controls, I'll look at the physical safeguards. I can see some information about that. If I was in the GRC role, the governance risk compliance role, I'd get more granular information, and I could take some actions there as well. We can create a mitigation plan if we need to, or we can link to existing mitigation plans. So, again, we can link these in as we need to. We can understand what would be impacted. And, again, when we look at these mitigation plans, all the information we're adding here around the risk and the security incident, all that will propagate down. We'll see all the impact of these mitigation plans. So are they worth doing? Yes, because we've got all these other incidents happening around the organization. Again, I can see where the security incident is as well, so I can see where that's up to. And as that moves along its lifecycle, I can sort of work in parallel with the security team rather than working in isolation. And as we understand and review this risk and we move on, we can understand its current status, its original status, and its target. So at the moment, we're targeting to make sure the likelihood is possible. The impact is minus, so that's kind of where we're not meeting currently the target. As we review this and get more comfortable with the risk and we perform mitigation actions, we can see the risk starts to go down, and that's shown by a green arrow. And, again, if we go to the list here, we can see the change is a good change as opposed to a bad change. So, again, that full visibility across the different parts of the business because it does impact them. They need to know about it. They don't want to sit in isolation and not know that a high-priority device has been lost or stolen. So back to the wheel. So what did we look at as part of this use case? So we saw the service has logged a ticket. We went to IT operations, and Ash walked us through how we revoke access, not just to the device, but applications as well. So, again, you could have threats via applications, and they may come in through the service desk, or you may get notifications that something's been installed. Ash showed how the MDM solution can go down to granular levels of application, but also then reset the device or put it into service mode, et cetera. We looked at the asset management team now. The procurement team bought and started to process to purchase a new phone. Legal team provided some guidance. We had that security incident logged. We saw how the risk ratio was updated and the impact controls were acknowledged as part of this whole issue. We looked at building management team now, and also HR. And, again, potentially they may not need to be involved, but it's good just to keep everyone across the issue and what needs to happen. So what did we just see? Just a small timeline. Obviously, Graham lost his mobile phone. He logged a high-priority incident with the service desk. We got the relevant departments updated straight away. We were then able to auto-wipe if we wanted to from the service desk, but then, obviously, we moved across, and Ash showed how we can wipe and control applications, et cetera, and do that threat analysis. I then had the risk and compliance team and the SecOps team investigate that security issue and make sure that they were taking all their appropriate actions. And, finally, just to kind of finish off this scenario, in fact, we found out just as we completed the demo that Graham actually found his phone. And if you remember, there's a previous video that Ash walked through about enrolling mobile phones. We were able to enroll that phone again under two minutes back to normal service, and Graham was able to get on with the rest of his day. So even though he lost his phone, he found it, and we could re-enroll it super fast. So thank you for that from myself and Ash. Hopefully, you've learned something with this video, and we look forward to sharing a few more. Thanks again. Thank you.

TL;DR

  • Ivanti automates lost/stolen device response by simultaneously notifying IT, security, legal, HR, asset management, building security, and other departments with context-specific tasks, eliminating manual coordination.
  • The MDM integration enables immediate remote actions including app removal (demonstrated removing TikTok in seconds), device locking, selective enterprise data wipes, or full device wipes directly from the service desk.
  • Security incidents automatically generate risk register entries mapped to affected compliance controls (ISO, HIPAA, GDPR), ensuring governance teams assess regulatory impact alongside technical remediation.
  • Mobile threat defense integration provides real-time device risk posture monitoring, while Apple Business Manager enrollment ensures wiped devices remain organizationally locked and unusable by unauthorized parties.
  • Devices can be re-enrolled in under two minutes if recovered, minimizing business disruption while maintaining security controls throughout the incident lifecycle.

Cross-Functional Incident Response Process

This demonstration showcases Ivanti's approach to managing lost or stolen mobile devices through automated, cross-functional workflows. When a device is reported missing, the platform automatically notifies multiple departments including IT operations, asset management, legal, HR, security operations, risk and compliance, building management, and procurement. Each team receives context-specific tasks aligned with their responsibilities, eliminating manual notification processes and ensuring comprehensive incident response. The integration between Ivanti's service management platform and its Neurons for MDM solution enables two-way communication — pulling device information into incident records while pushing remote commands like lock, wipe, or app removal directly to the device.

Technical Controls and Mobile Threat Defense

The technical demonstration illustrates granular device control capabilities through the MDM console. Administrators can remotely remove specific applications (demonstrated with TikTok removal in seconds), lock devices, wipe enterprise data selectively, or perform full device wipes. The platform integrates mobile threat defense monitoring, providing real-time risk posture assessment and threat history for enrolled devices. For devices enrolled through Apple Business Manager's Device Enrollment Program, wiped devices remain tied to the organization, effectively becoming unusable by unauthorized parties. The solution supports both corporate-owned and BYOD scenarios, with options to wipe only enterprise data while preserving personal information.

Risk and Compliance Integration

Beyond immediate technical response, the platform automatically creates security incidents and risk register entries when devices are reported lost or stolen. The risk and compliance module maps incidents to affected controls (encryption, SSO, physical security, mobile device policies) and links them to broader regulatory frameworks like ISO, HIPAA, and GDPR. Risk officers can track mitigation plan effectiveness, monitor risk score changes over time, and maintain visibility into how device loss impacts organizational compliance posture. This integration ensures that device incidents are evaluated not just as isolated technical problems but as potential compliance and security risks requiring governance-level attention.

Rapid Recovery and Re-Enrollment

The demonstration concludes with a recovery scenario where the lost device is found and re-enrolled in under two minutes, highlighting the platform's ability to quickly restore service. This rapid re-enrollment capability, combined with the automated workflows and integrated controls, demonstrates Ivanti's positioning around minimizing both security exposure and business disruption when mobile devices go missing. The end-to-end process — from initial incident logging through departmental notification, technical remediation, risk assessment, and device recovery — is presented as a unified, automated workflow rather than a series of disconnected manual steps.

Chapters

0:00 - Introduction and Overview
0:52 - Why Device Loss Management Matters
1:59 - Cross-Functional Notification Requirements
4:26 - Service Desk Incident Logging Demo
5:52 - Automated Task Creation and Assignment
7:02 - Device Asset Integration and Remote Actions
9:25 - MDM Console: App Removal Demo
11:38 - Mobile Threat Defense Integration
12:42 - Remote Device Wipe Demonstration
14:24 - Security Incident Management Workflow
16:08 - Risk and Compliance Integration
20:01 - Use Case Summary and Timeline
22:13 - Device Recovery and Re-Enrollment

Key Quotes

0:26 "Who needs to know that a high-priority device has gone missing? Whether there's data that needs protecting, what controls, what part of the business needs to know that a device with sensitive data has gone walkabout, how we walk that through a process that contacts every part of the business that needs to know."
2:32 "The building management team, this is an unusual one, but some organizations have smart apps on their phones that allow them to enter the building using their mobile phone as opposed to a plastic card, a physical card that they may use. So if your phone has gone missing, potentially our building access is potentially not secure."
7:16 "Again, we could be feeding in from the MDM solution to get all the information about that phone, but, again, it's a two-way street. I can actually interact with that device as well."
11:24 "And we can see on the right here TikTok has now been removed. And that literally took a few seconds to do and a few clicks to get that app off the device."
13:32 "Because this is enrolled in Apple Business Manager using the device enrollment program, it is tied to the organisation anyway, but it'll just become effectively a brick to anyone else other than the organisation's employees."
16:56 "Security operations are doing their piece, but now risk and compliance need to be involved as well."

Categories:
  • » Webinar Library » Ivanti
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Endpoint Management
  • Security Operations
  • Compliance & Governance
  • Technical Deep Dive
  • Demo
  • Mobile Device Management
  • Incident Response Automation
  • Cross-Functional Workflows
  • Risk and Compliance Integration
  • Mobile Threat Defense
  • Remote Device Control
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Lost & Stolen Device Management with Ivanti MDM

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version