ATP - Duplicate Entries in Machines List

Hello 

I am just getting into this and testing out deploying the OnBoarding Script using a GPO. I have noticed that for my Test Computer I have created Duplicate entries for the same computer in the Machine List. Should I be concerned? Is there a way to clean them up? Will the OffBoard Script do this?

Jason

best response confirmed by JasonMoran (Copper Contributor)

Hi Jason,

Welcome! Thanks for reaching out.

No, the offboard script will offboard the machine, but the entry in the tenant remains. That's actually on purpose and a good thing, because even if the machine doesn't exist anymore - in case a threat hit your network via that machine, you still wanna be able to go back in time to that machine to understand the full story.

The old machines will disappear after the days you picked for your data retention.

Thank you for the information. Very helpful.

@Heike Ritter I have this problem too, except I've not offboarded any machine nor do I want to. I'm seeing duplicates for a given machine when I upgrade it from one build of Windows 10 to another. This has happened twice now and I'm worried what happens when I upgrade them again... 3 entries in ATP? Not acceptable!

Hi @Joseph Wallis I'd also like to see some way of tidying things up...

@David Caddick I just want it to work right. I don't trust a product that has poor data management.

@Heike Ritter We appear to have somehow got a number of duplicate entries due to someone not following the correct procedure and now have a customer complaining and pointing out that they can't trust either Defender ATP or Intune as to which is telling the truth...

While I understand your point about not wanting the devices to be removed from a security/forensics point of view - how can we accurately set a baseline when all the machines are correct and accounted for when this happens? Can we raise a support ticket with MS and have someone in support behind the scenes sort this out on the customer's behalf?

Duplicate entries for the same machine that occur just because it upgraded to a new build of 10 is not acceptable. Other AV solutions have figured this out.
