Forum Discussion
Forcibly removing Azure Arc on-prem server from Defender for Cloud
I have a few servers that were Arc enabled and decommissioned without removing Arc. How can I forcibly remove them from Defender for Cloud?
Take this:
- Unregister the Server from Azure Arc:
- Go to the Azure portal and navigate to the Azure Arc resource group where the server is listed.
- Select the server you want to remove and click Delete. This will unregister the server from Azure Arc.
- Remove the Server from Defender for Cloud:
- Navigate to Microsoft Defender for Cloud in the Azure portal.
- Under the Inventory section, locate the server you want to remove.
- Select the server and choose Delete or Remove from the options.
- Clean Up Extensions:
- If the server was onboarded with extensions (e.g., Log Analytics agent), ensure these are removed. You can do this by navigating to the Extensions section of the server in the Azure portal and uninstalling any associated extensions.
- PowerShell or CLI:
- If the server still appears in Defender for Cloud, you can use Azure PowerShell or CLI commands to remove it:
Remove-AzResource -ResourceId "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.HybridCompute/machines/{machineName}" -Force
Steps 1 and 2 don't work, in Azure Arc there is no delete option when you select a server in the Machines list and in Defender for Cloud Inventory there is no way to select a server in the list nor are there options to Delete/Remove. In both instances those locations only let you review information and/or add services, but not remove.