Deception feature in Microsoft Defender for Endpoint will be retired from public preview

Plan for Change

Message ID

MC1137611
View in Message Center

Services

Microsoft Defender XDR

Summary

The Deception feature in Microsoft Defender for Endpoint will be retired from public preview by October 31, 2025. New onboarding stops August 18, 2025; existing decoys and UI elements will be removed. No admin action is needed, but informing stakeholders and updating documentation is recommended.

Details

Introduction

We’re retiring the Deception feature from public preview in Microsoft Defender for Endpoint.

When this will happen

  • August 18, 2025: Onboarding of new tenants to the Deception feature will be blocked.
  • October 31, 2025: All existing decoys and lures will be removed. Deception-related sections will be removed from the portal.

How this affects your organization

You’re receiving this message because your organization may be using or had access to Deception techniques in Defender for Endpoint.

After October 31, 2025:

  • The Deception feature will no longer be available.
  • Existing decoys and lures will be removed.
  • Related UI elements will be removed from the Defender portal.
  • Microsoft will continue to support offboarding and removal of deception-related artifacts.

What you can do to prepare

No admin action is required. This change will occur automatically.

We recommend:

  • Informing relevant users and stakeholders.
  • Updating internal documentation.
  • Exploring and adopting automatic attack disruption and exposure management capabilities.

Learn more: Manage the deception capability in Microsoft Defender XDR

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.

Timeline

Published
Aug 18, 2025
Updated
Aug 18, 2025
Action Required By
Oct 30, 2025
End Date
Dec 1, 2025

Tags

Admin impactRetirement

Category

Plan for Change