Forum Discussion

Eric_Logsdon's avatar
Eric_Logsdon
Copper Contributor
Mar 12, 2025

Forcibly removing Azure Arc on-prem server from Defender for Cloud

I have a few servers that were Arc enabled and decommissioned without removing Arc. How can I forcibly remove them from Defender for Cloud?

3 Replies

Sort By
  • Kidd_Ip's avatar
    Kidd_Ip
    MVP
    Mar 14, 2025

    Take this:

     

    • Unregister the Server from Azure Arc:
      • Go to the Azure portal and navigate to the Azure Arc resource group where the server is listed.
      • Select the server you want to remove and click Delete. This will unregister the server from Azure Arc.
    • Remove the Server from Defender for Cloud:
      • Navigate to Microsoft Defender for Cloud in the Azure portal.
      • Under the Inventory section, locate the server you want to remove.
      • Select the server and choose Delete or Remove from the options.
    • Clean Up Extensions:
      • If the server was onboarded with extensions (e.g., Log Analytics agent), ensure these are removed. You can do this by navigating to the Extensions section of the server in the Azure portal and uninstalling any associated extensions.
    • PowerShell or CLI:
      • If the server still appears in Defender for Cloud, you can use Azure PowerShell or CLI commands to remove it:
    Remove-AzResource -ResourceId "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HybridCompute/machines/{machineName}" -Force

     

    • hayesb's avatar
      hayesb
      Copper Contributor
      Apr 24, 2025

      Steps 1 and 2 don't work, in Azure Arc there is no delete option when you select a server in the Machines list and in Defender for Cloud Inventory there is no way to select a server in the list nor are there options to Delete/Remove. In both instances those locations only let you review information and/or add services, but not remove.

    • hayesb's avatar
      hayesb
      Copper Contributor
      Apr 24, 2025

      Hi, with the 2nd step, removing from Defender for Cloud, there is no way to select a server in the Inventory and there is no options to Delete/Remove. The inventory is just a report list with no way to interact, you can click on the server, but that just brings up another interface that is just read-only information. I am the global administrator that created the resource group/subscription and added the asset to defender for cloud, so I don't think its permissions.

      I feel like these interfaces are changing daily, and doing simple things like adding/removing devices should be simple and easy to find. 

      Even the steps to remove a server from Arc don't match up, if you go to Arc and Machines and select the machine, there is no option to delete.

       

Resources