Offboard devices
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
Platforms
- macOS
- Linux
- Windows Server 2012 R2
- Windows Server 2016
Want to experience Defender for Endpoint? Sign up for a free trial.
When you offboard a device from Defender for Endpoint, no new detections, vulnerability, or security data are sent to the Microsoft Defender portal. Seven days after offboarding a device, its status changes to inactive. Devices that weren't active within the past 30 days are not factored into your organization's exposure score.
Past data, such as alerts, vulnerablities, and the device timeline, for an offboarded device is displayed in the Microsoft Defender portal until the configured retention period expires. You also see the device profile (without data) in the device inventory for up to 180 days. To view data for active devices only, you can use filters, such as sensor health state, device tags, or device groups.
Offboard Windows devices
- Offboard devices using a local script
- Offboard devices using Group Policy
- Offboard devices using Mobile Device Management tools
Offboard Servers
Offboard non-Windows devices
Offboard Android or iOS devices
To offboard an Android or iOS device, uninstall the Microsoft Defender app on the device.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.