Can’t Remove Defender Tag After Asset Rule Was Deleted

it’s not just you. this is (currently) by design (or at least a known limitation) in Defender for Endpoint. The portal docs note how you can add/remove tags via API/manual, but this case deals with tags that came from dynamic (rule-based) tagging vs manually applied.

1. Recreate the original asset rule with the exact same tag → let it run once so the backend “re-links” the tag. then disable & delete the rule again. Many admins report this forces the platform to reconcile and drop the tag within a day or two. (Ugly, but it works.)
2. If you need to verify what’s actually stored, query the device’s tags via the Machines-Tags API; if the tag isn’t returned by the API but still shows in the UI, it’s that orphaned/visual state. https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts?utm_source=chatgpt.com
   
   Last, Open a Microsoft support ticket and reference the behavior as a product limitation for Asset Rule Management. Ask directly whether there’s a planned fix or backend cleanup job you can be added to. (Support engineers sometimes run backend jobs for tenants even when there’s no public toggle.)
   
   Hope it helps.