Forum Discussion
How to offboarding endpoint from Purview
Hi
I'm a fresh user of Purview and after creating policies linked to Exchange, I've enabled the onboarding of computer. Unfortunately, all Defender endpoints have been onboarded, and I've not be able to define which one was concerned. Now, I would like to offboard all those devices from purview and only keep them in Defender without any DLP protection. I tried to remove them with the onboarding script, but my endpoints are still present in Purview. How can I completely remove them?
Thanks for your help
Yohann
4 Replies
Hi Yohann,
To fully remove devices from Purview Endpoint DLP, you need to run the Purview offboarding package, not the Defender for Endpoint offboarding script. Purview uses its own onboarding client, so removing the Defender agent won’t remove the devices from Purview.
Here’s what to do:
1. Download the Purview offboarding package
Go to:
Purview portal → Settings → Device onboarding → Offboarding
Download the Windows offboarding package and run the included script on each device with admin rights.
(You can also deploy it in bulk through Intune, GPO, or SCCM.)
2. Wait for backend sync
After the script runs, the device stops reporting to Purview.
It can take up to 24 hours for the device to disappear from the “Onboarded devices” list.
3. Devices remain protected by Defender
Offboarding from Purview DLP does not remove Microsoft Defender for Endpoint, so the devices stay protected without Purview policies.
Hope this helps! :)Thanks for your answer.
I've executed the offboarding script but even after 24 hours, devices are still in the list but the Endpoint DLP Status is "false". As you said, they still have Defender fully active.
Thanks
RafaelDornelesMicrosoft
It can take up to 180 days for a device to stop appearing on the Purview Devices page. However, if you check the device’s status in the Defender Inventory page, you’ll see that it’s already marked as inactive.
Onboard Windows 10 and Windows 11 devices using Mobile Device Management tools | Microsoft Learn
Hi CovUser06,
If you want to remove devices from Purview while keeping them protected by Microsoft Defender for Endpoint, you should download the Windows off‑boarding package from Purview portal > Settings > Device onboarding > Offboarding and run the included script on each device with administrator rights to stop them from reporting to Purview. After running the script, wait for the portal to sync (up to 24 hours) and check that the devices have disappeared from the “Onboarded devices” list. If you have many devices, you can deploy the script in bulk using Intune, SCCM, or Group Policy to offboard multiple endpoints at once. This process removes the devices from Purview DLP tracking while leaving Microsoft Defender fully active.
