Offboarding Windows Servers from Defender for Endpoint service

%3CLINGO-SUB%20id%3D%22lingo-sub-2421201%22%20slang%3D%22en-US%22%3EOffboarding%20Windows%20Servers%20from%20Defender%20for%20Endpoint%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2421201%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20am%20building%20server%20decommissioning%20tool%20(PowerShell%20Studio)%20-%20will%20decommissioned%20server%20onboarded%20to%20Defender%20for%20Endpoint%20service%20be%20eventually%20removed%20from%20it%20without%20any%20action%20from%20my%20end%20or%20I%20have%20to%20code%20offboarding%20part%20to%20avoid%20any%20permanent%20leftovers%20on%20cloud's%20end%3F%20Most%20of%20our%20servers%20are%20running%20Windows%20Server%202012%20R2%2F2016%20and%20onboarded%20to%20Defender%20for%20Endpoint%20service%20using%20SCOM%20agent%20but%20we%20also%20have%20a%20few%20Windows%20Server%202019%20machines%20onboarded%20using%20local%20script.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2443666%22%20slang%3D%22en-US%22%3ERe%3A%20Offboarding%20Windows%20Servers%20from%20Defender%20for%20Endpoint%20service%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2443666%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F964574%22%20target%3D%22_blank%22%3E%40BojanZ%3C%2FA%3E%26nbsp%3BYou%20can%20get%20the%20off%20boarding%20script%20from%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%2Fpreferences2%2Foffboarding%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurity.microsoft.com%2Fpreferences2%2Foffboarding%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%222021-06-14%2010_31_48-Window.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F288413iDB24EC85DBAA8200%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%222021-06-14%2010_31_48-Window.png%22%20alt%3D%222021-06-14%2010_31_48-Window.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi, I am building server decommissioning tool (PowerShell Studio) - will decommissioned server onboarded to Defender for Endpoint service be eventually removed from it without any action from my end or I have to code offboarding part to avoid any permanent leftovers on cloud's end? Most of our servers are running Windows Server 2012 R2/2016 and onboarded to Defender for Endpoint service using SCOM agent but we also have a few Windows Server 2019 machines onboarded using local script.

1 Reply

@BojanZ You can get the off boarding script from https://security.microsoft.com/preferences2/offboarding

 

2021-06-14 10_31_48-Window.png

 

If you dont offboard, I believe once the retention period is over (which is set on defender settings) the inactive device will be deleted