SOLVED

Moving away from Microsoft Defender XDR onto using some other solution - any actions required?

Copper Contributor

Hi All,

I manage one O365 tenant that has been using the Microsoft Defender and had licensed for the Defender Plan 2 - The licenses are about to expire and they want to jump on to another product for the security systems and leave Defender behind - Any actions needed in the https://security.microsoft.com portal to off-board from using the Defender or just wait for the licenses to expire? Or will it take care of it self after the licenses are no longer valid?

 

As you might guess from my question, I'm not the one who was onboarding the Defender so please - If steps are need - explain those actions with clear instructions what and where is needed without Defender specific terminology and acronyms 🙂

 

Kindly,

Em.

3 Replies
best response confirmed by EmMabel (Copper Contributor)
Solution
Oh no, those are sad news for me 😞 Not sure it is possible, but we would love to learn more about this decision.

Devices should get offboarded from the service, so no data will be send anymore. The status of a device will switch to "Inactive" 7 days after offboarding. Existing data will remain in the portal based on the retention policy.
We have a detailed documentation for the various platforms and management tools here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/offboard-machines?view=o3...

@HeikeRitter
Thank you for your quick reply!
Unfortunately I have no information to share what resulted for this departure of the Defender - I was simply just asked to handle the off-boarding - what ever that means :).

So from your reply and the article - the only thing needed would be the device off-boarding - and then just wait the licenses to expire. No switch in the admin portal to change "off" or anything like that....

Thank you very much! 🙂

 

Kindly,

Em.

Terrible decision, in any case there is an off boarding script that you can download from defender. You can run that against your endpoints.
1 best response

Accepted Solutions
best response confirmed by EmMabel (Copper Contributor)
Solution
Oh no, those are sad news for me 😞 Not sure it is possible, but we would love to learn more about this decision.

Devices should get offboarded from the service, so no data will be send anymore. The status of a device will switch to "Inactive" 7 days after offboarding. Existing data will remain in the portal based on the retention policy.
We have a detailed documentation for the various platforms and management tools here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/offboard-machines?view=o3...

View solution in original post