Rather than deleting devices from Active Directory, you can instead choose to make them unavailable using the Disable Device(s) in Active Directory tool. This action will not cause the device to lose its trust relationship with AD, and Endpoint Insights data remains available for disabled devices. This tool can be run on single devices and multi-selected devices.
Potential use cases#
- device has been lost or shipped elsewhere for repair
- device is subject to audit or litigation
To run the tool:
1. Right-click on a device.
2. Click Right Click Tools > Console Tools > Disable Device(s) from Active Directory.
3. Confirm that you want to disable the device in Active Directory.
You can make the same device(s) available again later by clicking Enable Device(s) in Active Directory.