May 21 2020 01:25 AM
We have a couple of devices that are showing in MDATP which we would like to get rid of, however we are not in a position to run any scripts...
One was registered in InTune by mistake and has been unregistered, and we cannot contact the owner anymore - and its still checking in.
One device failed and was rebuilt with the same name but is now showing twice.
Can we remove these?
Neil
Sep 16 2021 10:38 AM
Oct 02 2021 03:43 AM - edited Oct 02 2021 03:44 AM
Has it worked for anyone?
1. Copy the machine you want to offboard in the machine list and obtain the machine ID from the URL (…/machines/<machine ID>)
2. Navigate to API explorer (Left pane in ATP > Partners & APIs > API explorer)
3. Change first drop-down to "POST"
4. Paste this URL (https://api.securitycenter.windows.com/api/machines/{machine-id}/offboard)
5. Enter machine ID in the URL (keep the entire URL, just replace <MachineID>)
6. Run query (This will force machine to run the offboarding script next time the machine checks in.)
7. Include this comment (remove the first and last quotations):
"{
"Comment": "Offboard machine by automation"
}"
8. Repeat 1-6 for each machine you'd like to remove
Oct 26 2021 08:59 AM - edited Oct 27 2021 01:59 AM
Yes, it is working for "Windows 10, version 1703 and later, or Windows Server 2019 and later."
For all Oses, which onboarding to WD ATP via script, not via MMA.
But they disappear after next query to the devices.
Oct 26 2021 11:32 PM
Oct 27 2021 01:58 AM
Oct 27 2021 05:08 PM
Devices remain in the device inventory even if they are offboarded though, do they not?
Do you mean that devices that have been offboarded will not be included in reports?
Jan 18 2022 11:37 AM
@KateAWin getting error like this
syntax is correct https://api.securitycenter.microsoft.com/api/machines/ba8499873cb3a3ab58b05753b938149945c58ddf/offbo... please check the screenshot and target value on the error keeps changing whenever i click run query
Apr 03 2023 04:21 AM
Apr 19 2023 06:37 AM