Hi,

I had two windows server VMs with MDE(Microsoft Defender for Endpoint) onboarded.

For test purpose, I turned on the security settings management in MDE to let MEM deploy some security policies to them.

It worked fine.

I got corresponding device entries in AAD and MEM and was able to manage the VMs like other Intune managed devices.

After I deleted the VMs, I found the device entries are somehow lingering.

For MDE, I knew there is a data retention time which is 30 days in my case.

I waited for a month and the VMs do disappear from MDE.

But I can still see them in AAD and MEM till now.

I can't do anything to them in MEM, while I can temporarily delete them in AAD and see them respawn next day.

According to the doc, there is a way to solve this problem, but I can't see how.

Use Intune to manage Microsoft Defender for Endpoint Security on devices not enrolled with Microsoft...

Does anyone know what "be removed from the scope of Configuration Management in the Security Center" means and how to perform it?

Thanks for reading this post.