Hello @Nicole ,
Thank you for posting your query on Microsoft Q&A. Could you please validate the following:
- If the offboarding package was created more than 30 days ago, this could be confirmed from package name? If you could try deploying a newly generated offboarding package ?
- See if registry path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection exist. If yes then validate the org id in MDE portal and GUID in the registry path:
-
- Also if you could navigate to services.msc look for Windows Defender advance threat protection service and check the status while running the offboarding package. If the service does not stop, kindly try to stop it manually followed by retrying to run offboarding package.
Please do let me know the results of above action plan in the comments section.
Thanks,
Akshay Kaushik
Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.