Forum Discussion
Solved
Disable log collection from Defender for endpoint
Hello, Is there a way to disable the log collection from endpoint device after onboard it to Microsoft Defender. Thanks.
- You can go back into the data connector, unselect which information you no longer want, and then save those changes. Only those items that are selected will be ingested.
running the offboarding script should also disable logging.
reference:
"Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months."
Thank you, but is there a way to still have the device onboarded but no logs received from that device.
- You may want to ask this in a Defender for EndPoint forum as Sentinel will either gather all devices or no devices.