Forum Discussion
MUST be able to delete duplicate/orphaned devices from M365 Security Center
Good morning, I am about 2-3 weeks into evaluating Microsoft Defender for Endpoint, and so far have about 4 Windows 10 devices onboarded and managed through InTune policies. One of the test m...
- AFAIK, TVM data only includes data from computers that have been active in the last 30 days.
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
Best options it to tag an offboarded machine and create an 'Inactive' machine group for it
I am not sure I understand the issue?
You can tag the device and create a machine group based on that tag. Within device inventory, you can then filter out the inactive machine group.
If old entries of devices that are reimaged would be removed, the old data of the device would be lost. That's a huge security risk?
You can tag the device and create a machine group based on that tag. Within device inventory, you can then filter out the inactive machine group.
If old entries of devices that are reimaged would be removed, the old data of the device would be lost. That's a huge security risk?
The issue is that the TVM only shows device name, so you can't tell if the security recommendation is for a current or old device. It should just show the tags you applied in device inventory rather than just device name. I know you can tag and add to a machine group, but this seems like more effort than needs be.
- TVM only takes into account devices which have been active in the last 30 days. So this shouldn't be that big of an issue IMO?
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tvm-security-recommendation?view=o365-worldwide#security-recommendations-overview
If it is, creating the machine group is your only option- I can't believe in 2022 this still isn't a thing. All the other major EDR vendors allow this function.
To suggest we filter around the absence of a basic function is absurd.
Can we get this basic functionality on the development roadmap?- This is still a bug and needs a fix.
