There are a few ways you can remove devices from Kolide. When a user removes the Kolide launcher agent, though the device will stop checking into the Kolide console, a device profile will remain for the device, even if the user is removed.

To remove deprovisioned devices, you can navigate to the Inventory page, select the device and click "Actions" and "Remove from Kolide":

To complete the removal, you will want to type the name of the device in the box below where it says, "Enter Device Name to Confirm".

In the event of a BYOD setting where a user leaves the org, but does not remove the launcher agent from their device, resulting in their device checking in, you can permanently block the device by following the above removal step, and checking the box that reads, "Would you like to prevent this device from re-enrolling in Kolide? Note that this will not prevent the device from re-enrolling if the Launcher agent is properly and completely uninstalled, then re-installed." This will place a Tombstone on the device, where it will not show up again.

Please note, if you add a tombstone to a device that was deprovisioned, but then it is reprovisioned again to a new user, be sure to remove the tombstone so that device may re-enroll.

As our customers continue to grow the number of devices they enroll, many of them are looking for more advanced options to manage when inactive devices are removed automatically, or if multiple device records exist in Kolide for a device with the same serial number.

The Automatic Device Deletion setting screen allows you to tune the behavior of these removal options based on your needs. This is a great option if you want to automatically remove retired devices, old instances of devices that have to be re-provisioned to new users, or ephemeral devices.