Forum Discussion
How to offboard an endpoint from Purview
Hi Yohann,
To fully remove devices from Purview Endpoint DLP, you need to run the Purview offboarding package, not the Defender for Endpoint offboarding script. Purview uses its own onboarding client, so removing the Defender agent won’t remove the devices from Purview.
Here’s what to do:
1. Download the Purview offboarding package
Go to:
Purview portal → Settings → Device onboarding → Offboarding
Download the Windows offboarding package and run the included script on each device with admin rights.
(You can also deploy it in bulk through Intune, GPO, or SCCM.)
2. Wait for backend sync
After the script runs, the device stops reporting to Purview.
It can take up to 24 hours for the device to disappear from the “Onboarded devices” list.
3. Devices remain protected by Defender
Offboarding from Purview DLP does not remove Microsoft Defender for Endpoint, so the devices stay protected without Purview policies.
Hope this helps! :)
Hi Ajeeth,
In the scenario where you have an EDR policy for Onboarding Defender in Intune and then run an Offboard for Purview, will the device get onboarded to Purview again?
What I'm seeing currently is that after Offboarding it deletes the Microsoft Purview Data Loss Prevention (MDDlpSvc) service.
However, after a reboot the service will show in the Service list again, and when you click on it, it will say it does not exist and remove itself from the list again. At the same time I see the "Last Seen" status get updated in Purview; not sure if this is because it is the Defender service that sends/shares the Last Seen data?