Forum Discussion
ATP - Duplicate Entries in Machines List
Hi Jason,
welcome! Thanks for reaching out.
o, the offboard script will offboard the machine, but the entry in the tenant remains. That's actual on purpose and a good thing, because even if the machine doesn't exist anymore - in case a threat hit your network via that machine, you still wanna be able to go back in time to that machine to understand the full story.
The old machines will disappear after the days you picked for your data retention.
MicrosoftHi Jason,
welcome! Thanks for reaching out.
o, the offboard script will offboard the machine, but the entry in the tenant remains. That's actual on purpose and a good thing, because even if the machine doesn't exist anymore - in case a threat hit your network via that machine, you still wanna be able to go back in time to that machine to understand the full story.
The old machines will disappear after the days you picked for your data retention.
HeikeRitter We appear to have somehow got a number of duplicate entries due to someone not following the correct procedure and now have a customer complaining and point out that they can't trust either Defender ATP or InTune as to which is telling the truth...
While I understand your point about not wanting the devices to be removed from a security/fprensics point of view - how can we accurately set a baseline when all the machines are correct and accounted for when this happens? can we raise a support ticket with MS and have someone in support behind the scenes sort this out on the customers behalf?
duplicate entries for the same machine that occur just because it upgraded to a new build of 10 is not acceptable. Other AV solutions have figured this out.
