Forum Discussion
Solved
MUST be able to delete duplicate/orphaned devices from M365 Security Center
Good morning, I am about 2-3 weeks into evaluating Microsoft Defender for Endpoint, and so far have about 4 Windows 10 devices onboarded and managed through InTune policies. One of the test m...
- AFAIK, TVM data only includes data from computers that have been active in the last 30 days.
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
Best options it to tag an offboarded machine and create an 'Inactive' machine group for it
I came here to say just this. I can't fathom how I'm supposed to manage our security posture with this product? I thought I must have been doing something wrong or missing something, since I wasn't able to simply remove a stale device from my portal without going through an offboarding process that is so limited in the possibility of success that I can't even believe it's offered as the solution (along with waiting 180 days for the DB to be cleaned)