cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Defender for Endpoint Offboarding Windows 10 Device

MichaelSolt
Copper Contributor

‎Oct 31 2023 03:42 PM

‎Oct 31 2023 03:42 PM

Defender for Endpoint Offboarding Windows 10 Device

Hi

I had my Windows PC onboarded to trial of MS 365 Business Premium (done using script). It has never been offboarded. After the trial I started using another paid subscription MS 365 Business Premium and when trying to onboard my Windows 10 PC to a new subscription with a script it keeps saying "The Microsoft Defender for Endpoint Service is already running!"

What's the easiest way to offboard device (I've already tried offboarding script but there was error saying " Machine is onboarded to a different org.")? I don't have any details of previous trial tenant.

 

Thank you

1,407 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by MichaelSolt (Copper Contributor)
eliekarkafy

‎Oct 31 2023 04:00 PM

‎Oct 31 2023 04:00 PM

Solution

Re: Defender for Endpoint Offboarding Windows 10 Device

@MichaelSolt 

The easiest way is to look in the following registry key on the machine:

HKLM:\Software\Microsoft\Windows Advanced Threat Protection\Status

and examine the value of the key:

OnboardingState

 

if the value is 1 change it to 0 reboot your device and try to onboarding it again to the new the MDE org

1 Like
Reply
MichaelSolt

‎Nov 01 2023 02:14 AM

‎Nov 01 2023 02:14 AM

Re: Defender for Endpoint Offboarding Windows 10 Device

@eliekarkafy thanks for your response!

Yes. it shows 1 as OnboardingState. 

Unfortunatelly struggling to change it to 0. Keeps showing error message access denied. 

I’m logged in as admin. Any idea how to resolve it? Many thanks

0 Likes
Reply
eliekarkafy

‎Nov 01 2023 02:16 AM

‎Nov 01 2023 02:16 AM

Re: Defender for Endpoint Offboarding Windows 10 Device

backup the registry key and try to delete it.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by MichaelSolt (Copper Contributor)
eliekarkafy

‎Oct 31 2023 04:00 PM

‎Oct 31 2023 04:00 PM

Solution

Re: Defender for Endpoint Offboarding Windows 10 Device

@MichaelSolt 

The easiest way is to look in the following registry key on the machine:

HKLM:\Software\Microsoft\Windows Advanced Threat Protection\Status

and examine the value of the key:

OnboardingState

 

if the value is 1 change it to 0 reboot your device and try to onboarding it again to the new the MDE org

View solution in original post

1 Like
Reply