Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Disable log collection from Defender for endpoint

Brass Contributor



Is there a way to disable the log collection from endpoint device after onboard it to Microsoft Defender.




5 Replies
best response confirmed by Trevor_Rusher (Community Manager)
You can go back into the data connector, unselect which information you no longer want, and then save those changes. Only those items that are selected will be ingested.



running the offboarding script should also disable logging.



"Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months."

Thanks, but i need to disable that for specific device, not all the devices.@GBushey 

Thank you, but is there a way to still have the device onboarded but no logs received from that device.
You may want to ask this in a Defender for EndPoint forum as Sentinel will either gather all devices or no devices.