title | description | ms.service | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.subservice | search.appverid | ms.date | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Offboard devices |
Onboard Windows devices, servers, non-Windows devices from the Microsoft Defender for Endpoint service |
defender-endpoint |
deniseb |
denisebmsft |
medium |
deniseb |
ITPro |
|
conceptual |
onboard |
met150 |
08/23/2024 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Vulnerability Management
- Microsoft Defender XDR
Platforms
- macOS
- Linux
- Windows Server 2012 R2
- Windows Server 2016
Want to experience Defender for Endpoint? Sign up for a free trial.
When you offboard a device from Defender for Endpoint, no new detections, vulnerability, or security data are sent to the Microsoft Defender portal. Seven days after offboarding a device, its status changes to inactive. Devices that weren't active within the past 30 days are not factored into your organization's exposure score.
Past data, such as alerts, vulnerablities, and the device timeline, for an offboarded device is displayed in the Microsoft Defender portal until the configured retention period expires. You also see the device profile (without data) in the device inventory for up to 180 days. To view data for active devices only, you can use filters, such as sensor health state, device tags, or device groups.
- Offboard devices using a local script
- Offboard devices using Group Policy
- Offboard devices using Mobile Device Management tools
To offboard an Android or iOS device, uninstall the Microsoft Defender app on the device.