
Removal of inactive devices

This feature might not be available to all users yet.

You can configure Sophos Central to remove devices automatically if they've been inactive for a specified length of time.

Removing devices means that they'll no longer be listed in the Devices page and won't be managed by Sophos Central.

You might need to remove devices because they're not used any more, because users have left the organization, or because you've set up devices for testing only.

You set up automatic removal separately for endpoint computers and servers. The instructions here apply to both.

Turn on automatic removal

You must be an Admin or Super Admin to turn on this feature.

Before you start, consider whether there are devices you don't want to remove. For example, you might have devices used as an update cache or message relay. You can exclude devices from removal. See Exclude devices from removal.

  1. Go to My Products > General Settings.
  2. Find the Endpoint Protection section (or Server Protection for servers).
  3. Click Removal of inactive devices.
  4. Turn on removal as follows:

    1. Turn on Remove all inactive computers (or Remove all inactive servers).
    2. In Days inactive, enter 14 days or more.
    3. In Comment, add a reminder of why you turned on the setting or when you should review it.
    4. Click Save.

    Removal of inactive devices page.

We'll now check for inactive computers every twenty-four hours, at midnight in the data region your account uses. We'll remove all that match your settings the same night, if possible.

To see devices we've removed, go to Reports > Endpoint & Server Protection > Recover Tamper Protection passwords. The list shows devices removed automatically as well as devices removed by admins.


You can use Tamper Protection passwords to access and uninstall any Sophos software you've left on removed devices.

Exclude devices from removal

If you have devices that you don't want to remove, put them in a special group or groups and exclude those groups.

Excluding a group doesn't automatically exclude its sub-groups. You must exclude sub-groups manually.

You can exclude up to four groups. Sub-groups count towards the maximum of four.

To exclude a group, do as follows:

  1. On the Removal of inactive devices page, go to Exclusions.
  2. Find the group in the list of available groups and do as follows:

    1. Move the group to Excluded computer groups (or Excluded server groups).
    2. Click Save.

    Selector for exclusions.
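
Before turning the setting on, it can help to preview which devices the rules on this page would remove. The following is an added example, not Sophos code and not a Sophos Central API: it applies the 14-day minimum, the four-group exclusion limit and the rule that sub-groups are not excluded with their parent to a constructed inventory. The function name `preview_removal`, the inventory fields (`name`, `group`, `last_seen`) and the `/`-separated group paths are assumptions.

```python
from datetime import datetime, timedelta, timezone

MIN_DAYS_INACTIVE = 14   # page: "enter 14 days or more"
MAX_EXCLUDED_GROUPS = 4  # page: up to four groups, sub-groups count


def preview_removal(devices, days_inactive, excluded_groups, now):
    """Return (to_remove, warnings) for a planned automatic-removal setting.

    devices: dicts with 'name', 'group' (path such as 'Infra/Caches') and
    'last_seen' (aware datetime). This inventory shape is an assumption.
    """
    if days_inactive < MIN_DAYS_INACTIVE:
        raise ValueError(f"Days inactive must be {MIN_DAYS_INACTIVE} or more")
    excluded = set(excluded_groups)
    if len(excluded) > MAX_EXCLUDED_GROUPS:
        raise ValueError(f"At most {MAX_EXCLUDED_GROUPS} groups can be excluded")

    cutoff = now - timedelta(days=days_inactive)
    to_remove, warnings = [], []
    for dev in devices:
        if dev["last_seen"] > cutoff:
            continue  # seen within the window: still active
        if dev["group"] in excluded:
            continue  # exact match only: exclusion is not inherited
        to_remove.append(dev["name"])
        # Flag devices an admin probably expected a parent exclusion to cover.
        parents = [g for g in excluded if dev["group"].startswith(g + "/")]
        if parents:
            warnings.append(f"{dev['name']}: sub-group '{dev['group']}' of "
                            f"excluded '{parents[0]}' is not itself excluded")
    return to_remove, warnings


# Constructed sample inventory (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DEVICES = [
    {"name": "relay-01", "group": "Infra", "last_seen": NOW - timedelta(days=40)},
    {"name": "cache-02", "group": "Infra/Caches", "last_seen": NOW - timedelta(days=30)},
    {"name": "test-vm-7", "group": "Lab", "last_seen": NOW - timedelta(days=21)},
    {"name": "laptop-33", "group": "Staff", "last_seen": NOW - timedelta(days=3)},
]

if __name__ == "__main__":
    removed, notes = preview_removal(DEVICES, 14, ["Infra"], NOW)
    print("Would be removed:", removed)
    for note in notes:
        print("WARNING:", note)
```

With only `Infra` excluded, the update cache in `Infra/Caches` is still listed for removal, which is the case the sub-group rule above warns about.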