SOLVED

MDE Community

Copper Contributor

Hi MDE Community,

 

I have question related Microsoft defender for endpoint after offboarding or renamed device, And these device changed status to inactive. How to force remove/delete endpoint from device inventory?

4 Replies
best response confirmed by NY_Dina (Copper Contributor)
Solution

@NY_Dina It's been asked before - the MDE inventory is immutable

Don't onboard anything that you don't want hanging around - forever

 

If needed, spin up a demo/trial Tenant and test things there

Offboarded devices will remain in the tenant until the retention policy deletes them. This is because you want the data in there for hunting across historical data. You can use filters in your device inventory, to only show onboarded devices.
Actually we have offboarded devices even our retention policy 180 days, Does device will remove from device inventory as the same retention policy? If like that don't anyway to force remove before retention policy because sometime it's seem messy on MDE portal. Thank you
Hi @NY_Dina, please review the section named "Decommissioned machines" in the following blog post:

How to use tagging effectively (Part 1)
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectivel...

Thanks,
Yong Rhee
1 best response

Accepted Solutions
best response confirmed by NY_Dina (Copper Contributor)
Solution

@NY_Dina It's been asked before - the MDE inventory is immutable

Don't onboard anything that you don't want hanging around - forever

 

If needed, spin up a demo/trial Tenant and test things there

View solution in original post