Delete devices from Inventory in Defender Security Portal

%3CLINGO-SUB%20id%3D%22lingo-sub-3184333%22%20slang%3D%22en-US%22%3EDelete%20devices%20from%20Inventory%20in%20Defender%20Security%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3184333%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20are%20some%20obsolete%20devices%20that%20are%20removed%20from%20AD%20and%20Azure%20AD%2C%20but%20noticed%20these%20devices%20are%20not%20removed%20from%20Defender%20Security%20Portal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20per%20the%20Support%2C%20there%20is%20no%20option%20to%20remove%20them%20as%20it%20will%20only%20be%20removed%20based%20on%20retention%20period.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20Microsoft%20provide%20an%20option%20to%20delete%20computers%20from%20inventory%20in%20the%20Defender%20security%20Portal%20like%20they%20provide%20access%20to%20delete%20in%20Azure%20AD%20or%20Intune%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3184333%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecommunity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3211065%22%20slang%3D%22en-US%22%3ERe%3A%20Delete%20devices%20from%20Inventory%20in%20Defender%20Security%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3211065%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1311453%22%20target%3D%22_blank%22%3E%40AbilashGeorge%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHello!%20You've%20posted%20your%20question%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Ftech-community-discussion%2Fbd-p%2FCommunityQuestions%22%20target%3D%22_blank%22%3ETech%20Community%20Discussion%20space%3C%2FA%3E%2C%20which%20is%20intended%20for%20discussion%20around%20the%20Tech%20Community%20website%20itself%2C%20not%20product%20questions.%20I'm%20moving%20your%20question%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fbd-p%2FMicrosoftThreatProtection%22%20target%3D%22_self%22%3EMicrosoft%20365%20Defender%20space%3C%2FA%3E%20-%20please%20post%20Microsoft%20365%20Defender%20questions%20here%20in%20the%20future.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E(If%20I%20am%20incorrect%20in%20my%20assumption%20of%20which%20Defender%20you%20are%20speaking%20about%2C%20the%20other%20Defender%20products%20are%20represented%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fsecurity-compliance-and-identity%2Fct-p%2FMicrosoftSecurityandCompliance%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fsecurity-compliance-and-identity%2Fct-p%2FMicrosoftSecurityandCompliance%3C%2FA%3E)%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

There are some obsolete devices that are removed from AD and Azure AD, but noticed these devices are not removed from Defender Security Portal.

 

As per the Support, there is no option to remove them as it will only be removed based on retention period. 

 

Can Microsoft provide an option to delete computers from inventory in the Defender security Portal like they provide access to delete in Azure AD or Intune 

2 Replies

@AbilashGeorge 

Hello! You've posted your question in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Microsoft 365 Defender space - please post Microsoft 365 Defender questions here in the future.

 

(If I am incorrect in my assumption of which Defender you are speaking about, the other Defender products are represented here: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCom...)  

Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.

Best option is to tag an offboarded machine and create an 'Inactive' machine group for it Or run the offboarding script on the device if possible.