This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 33%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
In the Microsoft Defender portal Device Inventory page for my tenant there are several instances where one and the same PC appears twice with different names.
One entry shows the default name "desktop-" + 7 random characters assigned by Windows to new systems, while the other one has the correct name assigned by us according to our naming convention. Both entries show the same value in the fields "Device AAD id" and "Hardware UUID", but different values in the field "Device id" (without "AAD"). The IP addresses are the same. Both show "Managed by: Intune". The First/Last Seen intervals are disjoint, with the default name sightings predating those for the correct name, as expected.
In Intune, the affected PCs appear only once, with the correct name.
How can that happen, how do I clean it up, and how can I prevent it from reoccurring?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Hi @Tilman Schmidt,
Based on your query, here is my understanding: you have observed there are duplicate entries for the devices with different names.
This might occur when you have a PLC with four network cards, a laptop with both WiFi and a physical network card, or a single workstation with multiple network cards.
In order to overcome the duplicate devices, you need to merge two different devices. To merge multiple devices, select two or more authorized devices in the device inventory and then select Merge.
You can check the same in the following document: Merge duplicate devices.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Funny you should mention that. It is the same answer I got from Q&A Assist. I thought it strange to propose such an unlikely scenario as a programmable logic circuit with four network cards, but as it comes up now for a second time perhaps it is more common than I thought.
That said: no, the duplicate systems do not have multiple network interfaces, as witnessed by the fact that the duplicate entries display the same IP address.
I tried to follow your advice to merge the duplicate devices but your link leads to a page which is about IoT devices and the procedure described there is not applicable to workstations. Would you have another link for me describing the procedure for workstations?
Nevermind. Catherines answer cleared it up.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Hi Tilman Schmidt, Below are some known actions that will create a new/additional entry for onboarded machines in MDE:
Here is some logic into why duplicate entries are created for "can be onboarded" and "onboarded"?
For Windows OS, Device Discovery is based on the MAC address and name of discovered host. So, if a device is joined to the domain (for example), then the device ID of the onboarded machine will be different than that of the original "can be onboarded" discovered device. Regardless, upon next active probe by a nearby agent with 'Discovery' - it is expected that a match will be found between the MAC address of the onboarded device and the previous discovered ID (that no longer points to an unmanaged host) and the old Device in the "can be onboarded" state will be removed from the portal.
Probing happens roughly every 3 weeks, and so the duplicates may take at least 3 weeks to resolve.
One recommendation is that Discovered devices should be merged with onboarded devices if identified as the same device.
If you find the answer above helpful, please Accept the answer to help anyone in the community who might have a similar question to quickly find the solution.