Forum Discussion
James_Gillies
Apr 27, 2021 - Brass Contributor
MUST be able to delete duplicate/orphaned devices from M365 Security Center
Good morning, I am about 2-3 weeks into evaluating Microsoft Defender for Endpoint, and so far have about 4 Windows 10 devices onboarded and managed through Intune policies. One of the test m...
- Jun 21, 2021: AFAIK, TVM data only includes data from computers that have been active in the last 30 days.
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker got permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
The best option is to tag an offboarded machine and create an 'Inactive' machine group for it.
Joonas_P
May 12, 2022 - Copper Contributor
Unbelievable that this bug / feature still exists here! There must be an ability to manually remove stale devices from the Security portal Device Inventory. Filtering out and using some sort of device tags and groups just sounds like a workaround in my opinion, and unnecessary work. I don't understand how deleting devices can be a security issue for real. This just sounds like something that MS doesn't care to fix. I'm having a hard time explaining this to my customers because I've seen multiple solutions by different vendors and there is this simple feature in place.
Joonas_P
May 16, 2022 - Copper Contributor
And I will reply to myself and add that if preventing device deletion is part of the security plan, then it should be done differently. There should be a way to delete devices, but they could go to some sort of deleted devices archive for X amount of time, and you cannot delete them from there even with GA rights.