Recently, I was asked to perform testing to see if we can issue a device wipe command on devices that were originally enrolled as employee-owned and later had their device ownership changed to corporate-owned.
Based on my understanding and after my conversation with VMware Workspace ONE / AirWatch technical support, the ability to perform a device wipe is limited based on the device ownership setting within the web console. The applicable rights are granted to the devices once the MDM profile is installed as part of the enrollment process, and these rights don’t change unless the same device is un-enrolled and re-enrolled with a different ownership type.
In other words, it is not possible to perform a device wipe on devices enrolled as employee-owned, even after switching device ownership to corporate-owned in the web console.
Thus, the workaround is to un-enroll and re-enroll the same device after device ownership has been changed. Or, if it’s truly necessary to be able to perform a device wipe on a device that was initially enrolled as employee-owned, modify the privacy setting for employee-owned devices within the web console, which is not recommended.