This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 14.000000000000002%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Hello,
We are having issues trying to use a migration tool to move our devices to another Microsoft tenant. It seems to be struggling gaining access and deleting a regkey that is link to a service for MDE. The tool is running and using the system account, we are also local admins and unable to delete/remove manually.
We have used the offboarding script but only seems to disconnect the device from the MDE portal. This doesn't uninstall or clean-up MDE from device. All of the software, services or regkeys still remain. Is there a uninstall or clean-up tool please to help fully remove Microsoft Defender Endpoint??
Thanks,
Dan
Additional Microsoft Defender tools and services that provide security across various platforms and environments
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 4%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Most, if not all of these steps are NOT SUPPORTED by Microsoft Support. Nor are they recommended. Doing so could put your system in a state where Defender/MDE/EDR cannot be re-activiated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 22%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 22%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Microsoft doesn’t support anything that doesn’t come through them. Now they have a monopoly on security software.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand you need assistance in uninstalling Microsoft Defender for endpoint.
I see that you have also posted this issue on tech community platform. There is an answer posted on the tech community thread with detailed steps on how to uninstall MDE.
To fully uninstall and clean up Microsoft Defender Endpoint (MDE) from your devices, you need to follow a comprehensive process that involves stopping services, removing registry keys, and uninstalling associated components. Here’s a detailed guide to help you achieve this.
Step-by-Step Guide to Fully Uninstall/Clean-up Microsoft Defender Endpoint.
Stop Microsoft Defender Services
Disable the Services:
Uninstall Microsoft Defender Endpoint Components: Uninstall using PowerShell
Note: Replace {ProductCode} with the actual product code for Microsoft Defender Endpoint. You can find this in the registry under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Now you will have to remove the registry keys:
Next step is to offboarding script again and this is optional
If you have not already, you can run the offboarding script provided by Microsoft to ensure the device is disconnected from the MDE portal.
Now next steps is to clean Up Residual Files and Folders
Now reboot the device
Reboot the device to ensure all changes take effect and to complete the cleanup process.
Additional Considerations
Permissions:
- Verify that there are no Group Policies that might be re-enabling or protecting Microsoft Defender services or components.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks for the response, I will check this through and see if it helps. Thanks
Thank you for your response but that answer doesn't work and believe to be AI generated. Response on the thread,
I am afraid fallen at the first hurdle, the command "Stop-Service -Name "Sense" -Force" works then the below 2 are unable to complete and open the service.
Stop-Service -Name "windefend" -Force
Stop-Service -Name "WdNisSvc" -Force
Error: Stop-Service : Service 'Microsoft Defender Antivirus Service (windefend)' cannot be stopped due to the following
error: Cannot open windefend service on computer '.'.
At line:1 char:1
+ CategoryInfo : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Stop-Service],
ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand
I have tried to open Services.msc as administrator but I am unable to stop or disable. So, do not believe this process will work, any suggestions?
Following these steps is NOT SUPPORTED by Microsoft Support BTW. I recommend that you do NOT follow these.