The Inactive endpoint option in Malwarebytes Nebula allows you to remove endpoints from your Nebula console that have been inactive for a set period of time. When enabled in a policy, endpoints that have not checked in with the console within the specified time frame are automatically removed.
This feature is useful for automating the removal of decommissioned endpoints, and helps to properly account for licensed seats in use. You must first opt-in to this feature, which is helpful for users with strict compliance requirements for data deletion.
Endpoints that are removed due to this option automatically reconnect with your Nebula console if they appear online again, and the console retains historical endpoint data. Some example scenarios are:
- Laptop devices kept in storage and then powered-on at a later date
- Desktop devices not used while employees are working remote for an extended period, but are powered-on at a later date once employees return to the office
To follow the steps in this article, enable the New policies experience switch in the Policies page.
If you have the new policies experience disabled, locate these policy settings by referring to: Malwarebytes Nebula policy with new experience disabled.
To find and toggle this option in the Nebula console, click Settings > Policies > select a policy > click Endpoint agent tab > expand Inactive endpoints section.
- Inactive Endpoints: When enabled, endpoints that are offline for more than 90 days are automatically deleted from the Nebula console. You can set the date range between 30-365 days.
- By default, the Remove Inactive Endpoints option is OFF. If you toggle this or other options in your Default Policy, saved changes will reflect in the template of new policies you add in the future.
- Once you enable this option in a policy, allow up to 24 hours for the Nebula console to automatically remove endpoints that fall outside your specified time frame.
Return to the Malwarebytes Nebula platform Administrator Guide.