How to handle “Ghost Devices” and former employees? [Solved]

Participant
3 weeks ago Jan 16, 2026

Hey folks, I’m in a bit of a panic. We have a SOC2 audit coming up in three weeks, and our device inventory is a disaster.

We have dozens of “Ghost Devices”, laptops and tablets assigned to employees who left the company months ago. These devices haven’t checked into the Hexnode portal in 60+ days, but they are still showing as “Enrolled” and “Active” in our dashboard. The auditor is going to flag this as a major security risk since we can’t verify if the data on those machines is encrypted or even still there.

Short of driving to these people’s houses to collect the hardware, how do I automate the decommissioning of these zombies so my audit logs stay clean?

Replies (3)

Participant
3 weeks ago Jan 17, 2026

We just cleared our HIPAA audit last month and handled a few pieces of “zombie” hardware. You don’t need to play bounty hunter; you just need to let the Hexnode Compliance Engine do the dirty work for you.

What you want to do is set up a “Non-Compliance” policy specifically for inactivity. In our portal, we created a rule where if a device fails to check in for more than 30 days, it’s flagged as “Non-compliant.”

The magic part is the Automation: you can set an “Instant Action” so that the moment a device hits that 30-day mark, Hexnode triggers an Enterprise Wipe and locks the device. This way, even if the device never comes back to the office, you can prove to your auditor that the corporate data was revoked automatically the second the device fell out of management.

Participant
3 weeks ago Jan 18, 2026

I didn’t realize I could chain a Wipe action directly to the inactivity timer.

Quick follow-up: If I trigger an Enterprise Wipe, does that remove the device from the Hexnode portal entirely? My auditor specifically wants to see a “History of Decommissioning” for these assets. I’m worried if they just disappear from the list, I’ll have no trail to show the auditor that the wipe actually happened.

Participant
3 weeks ago Jan 20, 2026

Great question. No, it doesn’t just vanish. The Enterprise Wipe clears the corporate data/profiles, but the device record stays in your “Archived” or “Disenrolled” list with a full timestamped log of the action.

In the Reports tab, you can actually pull an “Action History” report. It shows: Device X -> Marked Non-Compliant (Inactivity) -> Enterprise Wipe Triggered -> Success. That is something to hand over to an auditor. It proves you have a “set it and forget it” security posture rather than just trying to manually delete devices and hoping for the best. Good luck with the SOC2!
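
Added example (not part of the thread and not Hexnode code): an independent cross-check of a device inventory export against the 30-day inactivity rule discussed above, also flagging devices still assigned to departed staff. The CSV column names, the departed-user list and the sample rows are constructed assumptions, not a real Hexnode report format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; column names are assumptions, not a real Hexnode format.
SAMPLE_EXPORT = """device_id,assigned_user,status,last_checkin
LT-001,alice,Enrolled,2026-01-15T09:12:00+00:00
LT-002,bob,Enrolled,2025-11-02T17:40:00+00:00
TB-003,carol,Enrolled,2026-01-10T08:00:00+00:00
LT-004,dave,Disenrolled,2025-10-01T12:00:00+00:00
LT-005,erin,Enrolled,
"""
DEPARTED_USERS = {"bob", "carol"}      # constructed; would come from HR offboarding
INACTIVITY_LIMIT = timedelta(days=30)  # threshold used in the reply above


def find_ghost_devices(export_text, departed, now, limit=INACTIVITY_LIMIT):
    """Return (device_id, reasons) for enrolled devices that need decommissioning."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"].strip().lower() != "enrolled":
            continue  # already disenrolled or archived: nothing left to revoke
        reasons = []
        raw = row["last_checkin"].strip()
        if not raw:
            # A device with no check-in at all is unverifiable, so flag it too.
            reasons.append("never checked in")
        else:
            idle = now - datetime.fromisoformat(raw)
            if idle > limit:
                reasons.append(f"inactive {idle.days} days")
        if row["assigned_user"].strip().lower() in departed:
            reasons.append("assigned to departed user")
        if reasons:
            findings.append((row["device_id"], reasons))
    return findings


if __name__ == "__main__":
    as_of = datetime(2026, 1, 16, tzinfo=timezone.utc)
    for device_id, reasons in find_ghost_devices(SAMPLE_EXPORT, DEPARTED_USERS, as_of):
        print(f"{device_id}: {'; '.join(reasons)}")
```

Running it on a schedule and keeping the output alongside the portal's action history gives the auditor a second, independent record that no enrolled device sat unflagged past the threshold.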
