Forum Discussion
How to remove MDE managed devices in MEM?
Hi,
I had two Windows Server VMs with MDE (Microsoft Defender for Endpoint) onboarded.
For testing purposes, I turned on the security settings management in MDE to let MEM deploy some security policies to them.
It worked fine.
I got corresponding device entries in AAD and MEM and was able to manage the VMs like other Intune managed devices.
After I deleted the VMs, I found the device entries are somehow lingering.
For MDE, I knew there is a data retention time which is 30 days in my case.
I waited for a month and the VMs did disappear from MDE.
But I can still see them in AAD and MEM till now.
I can't do anything to them in MEM, while I can temporarily delete them in AAD and see them respawn the next day.
According to the doc, there is a way to solve this problem, but I can't see how.
Does anyone know what "be removed from the scope of Configuration Management in the Security Center" means and how to perform it?
Thanks for reading this post.
- AlberIron Contributor
As I worked with the service team, I found that the VMs DID NOT disappear from MDE.
It seems that the data retention setting is not working.
30 days means 180 days as I saw.
- AlberIron Contributor
OK my case is closed.
In short, the data retention setting is for the information INSIDE the device entry ONLY.
The empty device entry itself will remain less than 180 days.
So how to remove MDE managed devices in MEM?
Ans: Wait 180 days, they will be deleted in MDE then also in MEM.
I cannot confirm the answer is right, but I think it is.