The Symantec Endpoint Protection Manager (SEPM) is enrolled in the Cloud console and "Manage Devices from the Cloud" is set in the ICDM console.
Offline clients are listed on SEPM and using the license seats. The clients are not purged from the SEPM even after changing the domain settings to purge 1 day.
Clients cannot be deleted manually from SEPM as the option was disabled (greyed out).
On the ICDM console, only online devices are listed, and offline clients are not listed there, but this is not reflected in SEPM.
Manage Devices from the Cloud option allows the Cloud console to control device organization (groups, moving devices, etc.). This option does not control the policy management. If this option is disabled, Symantec Endpoint Protection Manager, or a third-party directory service such as Active Directory, can organize the devices.
If all the Offline clients are in different groups, the groups can be deleted from within the ICDM console.
For the ICDM to reflect the changes made in SEPM, SEP Uploader and Bridge services need to be restarted and the synchronization can be verified afterwards.
The deleted groups should disappear from SEPM after taking those steps.
The Clients can still be shown as offline on the Home Page. When agentsweeper runs during scheduled time the clients will be deleted and the change will be reflected on the Home Page in SEPM and the license will be freed.
If the offline clients are in different groups, toggle "Manage devices from the Cloud" from ICDM >> Integration >> Enrollment.