Removing Windows Defender ATP Tracking from Your Devices
Before you begin
You must have SOTI MobiControl Package Studio installed.
About this task
When you want to remove the tracking from your devices, you will need to "offboard" them. The process for offboarding devices is similar to the process of onboarding devices.
To remove Windows Defender ATP for your devices:
Procedure
Within the Windows Defender ATP Portal
- Select the Endpoint Management tab from the left-hand panel.
- Within the Endpoint Management screen, scroll down until you see Endpoint Offboarding. If the section is collapsed, use the down arrow on the right-side to expand it.
- Choose Local Script from the Select your deployment tool: drop-down list.
-
Click the Download package button to download the Offboarding script zip file. The zip file will be named WindowsDefenderATPOffboardingPackage_valid_until_YYYY_MM_DD.zip .
YYYY_MM_DD is the expiry date of the package. To maintain security, the offboarding package expires 30 days after its creation.
-
Unzip the zip file and open the offboarding script file in a text editor and remove
pause
from the following section::EXIT
if exist %TMP%\senseTmp.txt del %TMP%\senseTmp.txt
pause
If you do not complete this step, the cmd.exe will continue to run in the background and never be addressed.
-
Open a new document in your text editor and copy and paste the following command:
c:\temp\WindowsDefenderATPOffboardingScript_valid_until_YYYY_MM_DD.cmd
>c:\temp\offboard_log.txt
into the new document.Remember to update YYYY_MM_DD to the actual expiry date on the file. - Save this file as off_boarding.cmd.
-
Open a new document in your text editor and copy and paste the following command:
shellexecute c:\temp\off_boarding.cmd -open
into the new document. - Save this file as Pre_Uninstall.cmd.
Perform these steps within SOTI MobiControl Package Studio:
- Under the File menu, select Create New Package Project.
- Enter a name for the package and make sure Platform is set to All.
-
Fill in the remaining fields and click Next.
See Using Package Studio for more information on the other fields.
- On the Add Scripts screen, select Pre-Uninstall as the type of script and browse to the location of the Pre_Uninstall.cmd file. Click Next.
- Click the Add button to add your offboarding script and click Next.
- On the File Attributes screen, set the Destination on Device to the same path specified in your Pre_Uninstall.cmd and off_boarding.cmd files: C:\temp\
- Click the Add button again to upload the off_boarding.cmd file and repeat the steps.
- Once you have added both files to the package, click Next and then Finish.
- Click Build Package Now and review the output dialog to see where the .pcg file is saved.
Perform these steps in the SOTI MobiControl console:
- On the Windows Modern tab, go to the Packages tab.
-
Click the Add button and browse to the location of the .pcg you just created to upload it to SOTI MobiControl. When successful, you should see a new package listed on the screen.
See Adding a Package to SOTI MobiControl for more information.
- While still on the Windows Modern tab, switch to the Profiles tab.
- Click the Add button to open the Add Profile dialog box. Enter a name for your profile and select Windows Desktop from the Type drop-down list.
- Switch to the Packages tab within the dialog box and click Add to open the Add Package dialog box.
- Select your Windows Defender ATP Offboarding scripts package and click Add.
- Click Save and Assign to deploy this script to your devices.
Results
Your devices are now no longer tracked with Windows Defender ATP. You can check this manually if you created custom data. Navigate to HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status in the registry and verify the status of OnboardingState. The value should be 0.