![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEV%3C/text%3E%3C/svg%3E)
1,567 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Eddie Vincent Thank you for reaching out to us, once the device is offboarded, it still appears in devices list. After seven days, the device health state should change to inactive. Machines will go into an ‘inactive’ state after 7 days of zero cyber data activity (for example if machines were offboarded, turned off, disconnected... etc.). Same information has been documented here - https://learn.microsoft.com/en-us/defender-endpoint/fix-unhealthy-sensors
Regarding the retention your understanding is correct. For security purposes, the device will remain in the portal as an historical record for up to 180 days. However, the device's data will be purged according to your retention period.
I.e. The machines will “disappear” from the portal once the machines become inactive (they stop sending cyber data), and no later than 180 days since they stopped sending data to cloud.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.