03-01-2019 08:38 AM
03-01-2019 08:38 AM
I am just getting into this and testing out deploying the OnBoarding Script using a GPO. I have noticed that for my Test Computer I have created Duplicate entries for the same computer in the Machine List. Should I be concerned? Is there a way to clean them up? Will the OffBoard Script do this?
03-01-2019 09:50 AMSolution
welcome! Thanks for reaching out.
o, the offboard script will offboard the machine, but the entry in the tenant remains. That's actual on purpose and a good thing, because even if the machine doesn't exist anymore - in case a threat hit your network via that machine, you still wanna be able to go back in time to that machine to understand the full story.
The old machines will disappear after the days you picked for your data retention.
08-15-2019 12:05 PM
@Heike RitterI have this problem too except I've not offboarded any machine nor do I want to. I'm seeing duplicates for a given machine when I upgrade it from one build of Windows 10 to another. This is happened twice now and I'm worried what happens when I upgrade them again.....3 entries in ATP? Not acceptable!
08-20-2019 03:00 PM
@Heike Ritter We appear to have somehow got a number of duplicate entries due to someone not following the correct procedure and now have a customer complaining and point out that they can't trust either Defender ATP or InTune as to which is telling the truth...
While I understand your point about not wanting the devices to be removed from a security/fprensics point of view - how can we accurately set a baseline when all the machines are correct and accounted for when this happens? can we raise a support ticket with MS and have someone in support behind the scenes sort this out on the customers behalf?
08-21-2019 07:35 AM
duplicate entries for the same machine that occur just because it upgraded to a new build of 10 is not acceptable. Other AV solutions have figured this out.