MC1137611: Deception feature in Microsoft Defender for Endpoint will be retired from public preview
The Deception feature in Microsoft Defender for Endpoint will be retired from public preview by October 31, 2025. New onboarding stops August 18, 2025; existing decoys and UI elements will be removed. No admin action is needed, but informing stakeholders and updating documentation is recommended.
Introduction
We’re retiring the Deception feature from public preview in Microsoft Defender for Endpoint.
When this will happen
- August 18, 2025: Onboarding of new tenants to the Deception feature will be blocked.
- October 31, 2025: All existing decoys and lures will be removed. Deception-related sections will be removed from the portal.
How this affects your organization
You’re receiving this message because your organization may be using or had access to Deception techniques in Defender for Endpoint.
After October 31, 2025:
- The Deception feature will no longer be available.
- Existing decoys and lures will be removed.
- Related UI elements will be removed from the Defender portal.
- Microsoft will continue to support offboarding and removal of deception-related artifacts.
What you can do to prepare
No admin action is required. This change will occur automatically.
We recommend:
- Informing relevant users and stakeholders.
- Updating internal documentation.
- Exploring and adopting automatic attack disruption and exposure management capabilities.
Learn more: Manage the deception capability in Microsoft Defender XDR
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.