Offboard devices
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
Platforms
- macOS
- Linux
- Windows Server 2012 R2
- Windows Server 2016
Want to experience Defender for Endpoint? Sign up for a free trial.
Follow the corresponding instructions depending on your preferred deployment method.
The status of a device switches to Inactive seven (7) days after offboarding.
Data, such as Timeline, Alerts, Vulnerabilities, etc., from devices that were offboarded remains in the Microsoft Defender portal until the configured retention period expires.
The device's profile (without data) remains in the Device inventory for no longer than 180 days.
Devices that weren't active in the last 30 days aren't factored in on the data that reflects your organization's Defender Vulnerability Management exposure score and Microsoft Secure Score for Devices.
To view only active devices, you can filter by sensor health state, device tags, or machine groups.
Offboard Windows devices
- Offboard devices using a local script
- Offboard devices using Group Policy
- Offboard devices using Mobile Device Management tools
Offboard Servers
Offboard non-Windows devices
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for