Forum Discussion
mmiadmin (Copper Contributor)
Aug 26, 2022
Offboarding Defender for Endpoint
I was testing the onboarding process in Intune Autopilot, so I was using the same laptop to test it over and over. I had the onboarding script enabled, which actually onboarded the device. But when the PC was reset and a new machine name was assigned through the Autopilot process, the new device got onboarded, while the old device is still showing as onboarded, but the device does not exist as I wiped it off.
How can I offboard in such situations? I do have an offboarding configuration profile created, but it is not going to work since the device does not exist, but it is in Endpoint.
Any thoughts?
Thanks in advance
- joeyvldn (Brass Contributor): You can try to offboard the device via the API. Pick the device guid/id as shown in DFE.
Not sure if the correct post syntax is shown on the page below but should be a good starting point.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/offboard-machine-api?view=o365-worldwide
- Jonhed (Steel Contributor): Old devices will remain in the device list, even if you offboard them.
The status will change to inactive after 7 days, and then they will remain there for the remainder of the data retention period of MDE.
This info is also available in the docs below.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/offboard-machines?view=o365-worldwide