SOLVED

ATP - Duplicate Entries in Machines List

%3CLINGO-SUB%20id%3D%22lingo-sub-359032%22%20slang%3D%22en-US%22%3EATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359032%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20just%20getting%20into%20this%20and%20testing%20out%20deploying%20the%20OnBoarding%20Script%20using%20a%20GPO.%20I%20have%20noticed%20that%20for%20my%20Test%20Computer%20I%20have%20created%20Duplicate%20entries%20for%20the%20same%20computer%20in%20the%20Machine%20List.%20Should%20I%20be%20concerned%3F%20Is%20there%20a%20way%20to%20clean%20them%20up%3F%20Will%20the%20OffBoard%20Script%20do%20this%3F%3C%2FP%3E%3CP%3EJason%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-359108%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359108%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20the%20information.%20Very%20Helpful%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-359084%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359084%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22text-align%3A%20justify%3B%22%3EHi%20Jason%2C%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%22%3Ewelcome!%20Thanks%20for%20reaching%20out.%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%22%3Eo%2C%20the%20offboard%20script%20will%20offboard%20the%20machine%2C%20but%20the%20entry%20in%20the%20tenant%20remains.%20That's%20actual%20on%20purpose%20and%20a%20good%20thing%2C%20because%20even%20if%20the%20machine%20doesn't%20exist%20anymore%20-%20in%20case%20a%20threat%20hit%20your%20network%20via%20that%20machine%2C%20you%20still%20wanna%20be%20able%20to%20go%20back%20in%20time%20to%20that%20machine%20to%20understand%20the%20full%20story.%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%22%3EThe%20old%20machines%20will%20disappear%20after%20the%20days%20you%20picked%20for%20your%20data%20retention.%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-807218%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807218%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3EI%20have%20this%20problem%20too%20except%20I've%20not%20offboarded%20any%20machine%20nor%20do%20I%20want%20to.%26nbsp%3B%20I'm%20seeing%20duplicates%20for%20a%20given%20machine%20when%20I%20upgrade%20it%20from%20one%20build%20of%20Windows%2010%20to%20another.%26nbsp%3B%20This%20is%20happened%20twice%20now%20and%20I'm%20worried%20what%20happens%20when%20I%20upgrade%20them%20again.....3%20entries%20in%20ATP%3F%26nbsp%3B%20Not%20acceptable!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-810378%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-810378%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124079%22%20target%3D%22_blank%22%3E%40Joseph%20Wallis%3C%2FA%3E%26nbsp%3BI'd%20also%20like%20to%20see%20some%20way%20of%20tidying%20things%20up...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-813270%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-813270%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129396%22%20target%3D%22_blank%22%3E%40David%20Caddick%3C%2FA%3EI%20just%20want%20it%20to%20work%20right.%26nbsp%3B%20I%20dont%20trust%20a%20product%20that%20has%20poor%20data%20management.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-813865%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-813865%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3BWe%20appear%20to%20have%20somehow%20got%20a%20number%20of%20duplicate%20entries%20due%20to%20someone%20not%20following%20the%20correct%20procedure%20and%20now%20have%20a%20customer%20complaining%20and%20point%20out%20that%20they%20can't%20trust%20either%20Defender%20ATP%20or%20InTune%20as%20to%20which%20is%20telling%20the%20truth...%3CBR%20%2F%3E%3CBR%20%2F%3EWhile%20I%20understand%20your%20point%20about%20not%20wanting%20the%20devices%20to%20be%20removed%20from%20a%20security%2Ffprensics%20point%20of%20view%20-%20how%20can%20we%20accurately%20set%20a%20baseline%20when%20all%20the%20machines%20are%20correct%20and%20accounted%20for%20when%20this%20happens%3F%20can%20we%20raise%20a%20support%20ticket%20with%20MS%20and%20have%20someone%20in%20support%20behind%20the%20scenes%20sort%20this%20out%20on%20the%20customers%20behalf%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-815180%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%20-%20Duplicate%20Entries%20in%20Machines%20List%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-815180%22%20slang%3D%22en-US%22%3E%3CP%3Eduplicate%20entries%20for%20the%20same%20machine%20that%20occur%20just%20because%20it%20upgraded%20to%20a%20new%20build%20of%2010%20is%20not%20acceptable.%26nbsp%3B%20Other%20AV%20solutions%20have%20figured%20this%20out.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello 

I am just getting into this and testing out deploying the OnBoarding Script using a GPO. I have noticed that for my Test Computer I have created Duplicate entries for the same computer in the Machine List. Should I be concerned? Is there a way to clean them up? Will the OffBoard Script do this?

Jason

7 Replies
best response confirmed by JasonMoran (New Contributor)
Solution

Hi Jason,

 

welcome! Thanks for reaching out.

o, the offboard script will offboard the machine, but the entry in the tenant remains. That's actual on purpose and a good thing, because even if the machine doesn't exist anymore - in case a threat hit your network via that machine, you still wanna be able to go back in time to that machine to understand the full story.

The old machines will disappear after the days you picked for your data retention.

 

Thank you for the information. Very Helpful

@Heike RitterI have this problem too except I've not offboarded any machine nor do I want to.  I'm seeing duplicates for a given machine when I upgrade it from one build of Windows 10 to another.  This is happened twice now and I'm worried what happens when I upgrade them again.....3 entries in ATP?  Not acceptable!

Hi @Joseph Wallis I'd also like to see some way of tidying things up...

@David CaddickI just want it to work right.  I dont trust a product that has poor data management.

@Heike Ritter We appear to have somehow got a number of duplicate entries due to someone not following the correct procedure and now have a customer complaining and point out that they can't trust either Defender ATP or InTune as to which is telling the truth...

While I understand your point about not wanting the devices to be removed from a security/fprensics point of view - how can we accurately set a baseline when all the machines are correct and accounted for when this happens? can we raise a support ticket with MS and have someone in support behind the scenes sort this out on the customers behalf?

duplicate entries for the same machine that occur just because it upgraded to a new build of 10 is not acceptable.  Other AV solutions have figured this out.