Forum Discussion
Defender for Endpoint | Deception
Hi Everyone,
I hope this topic is going to help someone.
I want to know after 31 of October 2025
Does that mean that no one can run Deceptions and policy rules, etc?
As at the moment I'm experiencing this:
It would be good to know if I have to deal with it and look into what the issue is, as I'm using Zscaler. The issue is definitely there after running a number of commands to check the reg key, etc.
Can someone provide me with any documentation if this will be fully retired or will still be functioning to some point?
1 Reply
All rules and the interface are scheduled to be removed on or right after Oct 31. Onboarding stopped in August. This is unfortunate, but like most Microsoft products it was a half-hearted product that didn't do enough.
When this will happen
- August 18, 2025: Onboarding of new tenants to the Deception feature will be blocked.
- October 31, 2025: All existing decoys and lures will be removed. Deception-related sections will be removed from the portal.
How this affects your organization
You’re receiving this message because your organization may be using or had access to Deception techniques in Defender for Endpoint.
After October 31, 2025:
- The Deception feature will no longer be available.
- Existing decoys and lures will be removed.
- Related UI elements will be removed from the Defender portal.
- Microsoft will continue to support offboarding and removal of deception-related artifacts.
What you can do to prepare
No admin action is required. This change will occur automatically.
We recommend:
- Informing relevant users and stakeholders.
- Updating internal documentation.
- Exploring and adopting automatic attack disruption and exposure management capabilities.
