What to Do If Your Work Phone or Laptop Is Lost or Stolen

The First Hour Matters

A lost or stolen work device is stressful — but the steps below, done in order, will protect your business email, your files, and your clients' data. Do not wait until "tomorrow morning". Even a stolen phone is dangerous because most work phones stay signed into Microsoft 365, your password manager, and your two-factor authentication app.

If you only have time for three things, do these first:

• Tell your manager or IT contact straight away
• Sign out of Microsoft 365 on all other devices
• Change your Microsoft 365 password

The rest of this article walks through the full response.

Step 1: Tell Someone

Phone or message your manager and your IT provider immediately. If Netluma IT supports your business, call 1300 521 162 — even outside business hours, leaving a voicemail starts the paper trail.

Do not feel embarrassed. Fast reporting is the single biggest factor in limiting damage.

Step 2: Change Your Microsoft 365 Password

From any other device (a colleague's laptop, a home computer, your spouse's phone):

• Go to portal.office.com in a browser
• Sign in with your work email
• Click your profile picture (top right) → View account
• Click Change password
• Choose a strong new password you have never used before

This single step locks the thief out of your email, OneDrive, Teams, and SharePoint.

Step 3: Sign Out of All Sessions

Still on the My Account page:

• Click Sign out everywhere (or go to mysignins.microsoft.com)
• Confirm

This forces every device — including the lost one — to require a fresh sign-in. Combined with the new password, the thief is locked out of your Microsoft 365 account.

Step 4: Locate or Wipe the Device

If it is an iPhone or iPad

• Go to iCloud.com/find from any browser, or use the Find My app on another Apple device
• Sign in with your Apple ID
• Select the missing device
• Choose Mark as Lost (locks it and shows a contact message)
• If recovery is unlikely, choose Erase iPhone — this wipes it remotely

If it is an Android phone

• Go to android.com/find in a browser
• Sign in with the Google account on the phone
• Choose Secure device (locks it) or Erase device (wipes it)

If it is a Windows laptop

• Go to account.microsoft.com/devices
• Sign in with the Microsoft account linked to the laptop
• Find the device and choose Find my device
• If recovery is unlikely, contact your IT team — they can issue a remote wipe through Microsoft Intune if your business uses it

If it is a Mac

• Go to iCloud.com/find
• Select the Mac
• Choose Mark as Lost or Erase Mac

Step 5: Replace the SIM and Mobile Number

If the lost device is a phone:

• Call your mobile provider (Telstra, Optus, TPG, Vodafone) and report the SIM lost
• Ask for a replacement SIM with the same number
• This stops the thief receiving SMS two-factor codes sent to your number

Step 6: Reset Two-Factor Authentication

If your Microsoft Authenticator app was on the lost device, you also need to:

• From a working device, go to mysignins.microsoft.com/security-info
• Remove the missing device's authenticator entry
• Add a new authenticator on your replacement device

If you cannot get into your account because the authenticator is on the lost device, your IT team can reset MFA for you.

Step 7: Check What Else Was Signed In

The lost device probably had more than just Microsoft 365. Change passwords (or at least sign out remotely) for:

• Your password manager (1Password, LastPass, Bitwarden)
• Your business banking app
• Xero, MYOB, QuickBooks
• Any CRM or job-management app (ServiceM8, simPRO, Tradify, Cliniko, Halaxy)
• Your personal Apple ID or Google account
• Social media accounts used for work (LinkedIn, Facebook business page)

Step 8: Report It Properly

• Report the theft to Police and request a report number — many insurance policies require this
• Email the police report number to your IT team and your manager
• If client data may have been on the device, your business may have notification obligations under the Privacy Act — discuss with your manager and IT provider

Step 9: Get a Replacement Device

When IT issues a replacement, the proper handover should include:

• Device enrolled in your business's mobile device management (Intune or similar)
• Microsoft 365 reinstalled and signed in
• Two-factor authentication re-registered
• Full-disk encryption confirmed (BitLocker on Windows, FileVault on Mac)
• A fresh device PIN or biometric set up

How to Make the Next Loss Less Painful

• Use a strong device PIN or biometric — never "swipe to unlock"
• Turn on Find My iPhone, Find My Mac, or Find My Device today, before you need it
• Make sure your business uses Microsoft Intune or similar — it lets IT remote-wipe a device in seconds
• Never store passwords in the browser of a work device without a password manager protecting them
• Encrypt your laptop hard drive (BitLocker on Windows, FileVault on Mac)

Need Help?

If a Netluma IT client device is lost or stolen, call us straight away — we can lock accounts, force sign-out, and issue a remote wipe within minutes.

Phone: 1300 521 162 (24/7 for urgent security incidents) Email: helpdesk@netlumait.com.au