cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Disable log collection from Defender for endpoint

Qusai_Ismail
Brass Contributor

‎Oct 24 2022 03:12 AM

‎Oct 24 2022 03:12 AM

Disable log collection from Defender for endpoint

Hello,

 

Is there a way to disable the log collection from endpoint device after onboard it to Microsoft Defender.

 

 

Thanks.

2,125 Views
0 Likes
5 Replies
Reply
5 Replies
best response confirmed by Trevor_Rusher (Community Manager)
GBushey

‎Oct 24 2022 06:57 AM

‎Oct 24 2022 06:57 AM

Solution

Re: Disable log collection from Defender for endpoint

You can go back into the data connector, unselect which information you no longer want, and then save those changes. Only those items that are selected will be ingested.
1 Like
Reply
SocInABox

‎Oct 24 2022 02:33 PM

‎Oct 24 2022 02:33 PM

Re: Disable log collection from Defender for endpoint

@Qusai_Ismail 

 

running the offboarding script should also disable logging.

reference:

offboarding 

"Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months."

0 Likes
Reply
Qusai_Ismail

‎Oct 25 2022 02:03 AM

‎Oct 25 2022 02:03 AM

Re: Disable log collection from Defender for endpoint

Thanks, but i need to disable that for specific device, not all the devices.@GBushey 

0 Likes
Reply
Qusai_Ismail

‎Oct 25 2022 02:04 AM

‎Oct 25 2022 02:04 AM

Re: Disable log collection from Defender for endpoint

Thank you, but is there a way to still have the device onboarded but no logs received from that device.
0 Likes
Reply
GBushey

‎Oct 25 2022 04:13 AM

‎Oct 25 2022 04:13 AM

Re: Disable log collection from Defender for endpoint

You may want to ask this in a Defender for EndPoint forum as Sentinel will either gather all devices or no devices.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Trevor_Rusher (Community Manager)
GBushey

‎Oct 24 2022 06:57 AM

‎Oct 24 2022 06:57 AM

Solution

Re: Disable log collection from Defender for endpoint

You can go back into the data connector, unselect which information you no longer want, and then save those changes. Only those items that are selected will be ingested.

View solution in original post

1 Like
Reply