Offboarding a Device from MDE with a Deleted Tenant ID

Question

I have a device that was onboarded to MDE under a DemoTenant that no longer exists. Now, I want to offboard it and onboard it to a new tenant. Can someone please assist?

Answer 1

Hi @Danish Batliwala ,

If you want to offboard the device from Microsoft Defender for Endpoint from the deleted tenant, you should be able to achieve from the device itself using a local script as documented in Offboard devices using a local script:

1. Get the offboarding package from Microsoft Defender portal:
   1. In the navigation pane, select Settings > Endpoints > Device management > Offboarding.
   2. Select Windows 10 or Windows 11 as the operating system.
   3. In the Deployment method field, select Local Script.
   4. Select Download package and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that devices can access. You should have a file named WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd.
3. Open an elevated command-line prompt on the device and run the script:
   1. Go to Start and type cmd.
   2. Right-click Command prompt and select Run as administrator.
4. Type the location of the script file. If you copied the file to the desktop, type: %userprofile%\Desktop\WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd
5. Press the Enter key or select OK.

Note that offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had, will be retained for up to 6 months. In your case this should apply though since the portal is already deprecated.

If this does not work or you face any errors, let me know.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.