Offboard a device from Microsoft Defender for Business

As devices are replaced or retired, or your business needs change, you can offboard devices from Defender for Business. Offboarding a device causes the device to stop sending data to Defender for Business. However, data received prior to offboarding is retained for up to six (6) months.


The procedures in this article describe how to remove a device from monitoring by Defender for Business. If you're using Microsoft Intune to manage devices, and you prefer to remove the device from Intune, see Remove devices by using wipe, retire, or manually unenrolling the device.

What to do

  1. Select a tab:

    • Windows 10 or 11
    • Mac
    • Servers (Windows Server or Linux Server)
    • Mobile (for iOS/iPadOS or Android devices)
  2. Follow the guidance on the selected tab.

  3. Proceed to your next steps.

Windows 10 or 11

  1. Go to the Microsoft 365 Defender portal ( and sign in.

  2. In the navigation pane, choose Settings, and then choose Endpoints.

  3. Under Device management, choose Offboarding.

  4. Select an operating system, such as Windows 10 and 11, and then, under Offboard a device, in the Deployment method section, choose Local script.

  5. In the confirmation screen, review the information, and then choose Download to proceed.

  6. Select Download offboarding package. We recommend saving the offboarding package to a removable drive.

  7. Run the script on each device that you want to offboard.

Next steps