Forum Discussion

pozlu0's avatar
pozlu0
Copper Contributor
Jul 24, 2023
Solved

Exlude a Computer for some hour from defender from endpoint

Hello I would like to know if there is a way to exclude defender for endpoint protection  from a  pc from a couple of hours. Kind regards
  • jbmartin6's avatar
    jbmartin6
    Jul 24, 2023
    You can set the device to troubleshooting mode, this doesn't turn off any protections but it will allow local admin to turn them off. Or, you could offboard the device using the API and then onboard it again when you are finished.
elieelkarkafi's avatar
elieelkarkafi
MVP
Jul 24, 2023

pozlu0 if you want to offboard your machine completely from MDE and you don't have access to this machine, you can offboard it is using the API explorer blade from MDE.

 

Enter the following URL in the API Explorer

https://api-eu.securitycenter.windows.com/api/machines/{Device id}/offboard

Change in the dropdown menu GET to POST.

Add the following code to the API Explorer

{
  "Comment": "Offboard device by Security Admin via EndpointCave KB item"
}

 

 

Click on Run Query

 

 

The API will returns with a Status 200 response, this means that the POST action have been successfully performed and the next time when the device become available/online, Defender for Endpoint will offboard the device automatically without notification or approval