Forum Discussion
MUST be able to delete duplicate/orphaned devices from M365 Security Center
Good morning, I am about 2-3 weeks into evaluating Microsoft Defender for Endpoint, and so far have about 4 Windows 10 devices onboarded and managed through InTune policies. One of the test m...
- AFAIK, TVM data only includes data from computers that have been active in the last 30 days.
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
Best options it to tag an offboarded machine and create an 'Inactive' machine group for it
AFAIK, TVM data only includes data from computers that have been active in the last 30 days.
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
Best options it to tag an offboarded machine and create an 'Inactive' machine group for it
Microsoft doesn't provide the ability to remove devices because it's extremely dangerous. If an attacker would get permissions on your cloud instances, he could remove all his tracks. The devices are retained for forensic purposes.
Best options it to tag an offboarded machine and create an 'Inactive' machine group for it
Hey Thijs,
Yes in fact, this is exactly what I did. I created a new Machine Group called "Orphaned Machines" and a corresponding Tag for it. I then created a new Automatic Remediation rule (for that Tag) and moved it to "Rank 1" so that my Auto-Remediation policies don't touch them. (As a machine may have multiple Tags attached to it)
Thanks very much, James
Yes in fact, this is exactly what I did. I created a new Machine Group called "Orphaned Machines" and a corresponding Tag for it. I then created a new Automatic Remediation rule (for that Tag) and moved it to "Rank 1" so that my Auto-Remediation policies don't touch them. (As a machine may have multiple Tags attached to it)
Thanks very much, James
