The Inactive endpoint option in Nebula allows you to remove endpoints from your console that have been inactive for a set period of time. When enabled in a policy, endpoints that have not checked in with the console within the specified time frame are automatically removed.
This feature is useful for automating the removal of decommissioned endpoints, and helps to properly account for licensed seats in use.
Endpoints that are removed due to this option automatically reappear in Nebula with their historical data if they come online again. Some example scenarios are:
- Laptop devices kept in storage and then powered-on at a later date
- Desktop devices not used while employees are working remote for an extended period, but are powered-on at a later date once employees return to the office
To find and toggle this option in the Nebula console:
- On the left navigation menu, go to Configure > Policies.
- Click New or select a policy.
- Click the Endpoint agent tab, then expand the Inactive endpoints section.
- Inactive Endpoints: When enabled, endpoints that are offline for more than 90 days are automatically deleted from the Nebula console. You can set the date range between 1-365 days.
- Once you enable this option in a policy, allow up to 24 hours for the Nebula console to automatically remove endpoints that fall outside your specified time frame.
Return to the Malwarebytes Nebula Administrator Guide.