Microsoft
MicrosoftCouples questions and comments regarding this process.
The offboarding script no longer works as Defender itself detects the psexec command as a virus threat when trying to stop the sense service. If the service cannot be stopped, the reg value senseGuid and the files from "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" can't be deleted either.
Please provide an improved PowerShell script to do the offboarding that actually works and has been tested. Doing QA on a recommended script to guarantee that the actual Antivirus is working is kind of important. This needs to work 100%.
If indeed we need to download a fresh copy of the WindowsDefenderATPOnboardingScript.zip file every month, please provide a static URL to download it so we can automate the task with our master image update. Something like http://aka.ms/WindowsDefenderATPOnboardingScript. At this moment, this is a complete nightmare to maintain.
Also posted here
https://github.com/MicrosoftDocs/microsoft-365-docs/issues/10740
