Forum Discussion

BMoreOs's avatar
BMoreOs
Brass Contributor
Nov 18, 2022

Microsoft Defender P1 and P2 - Any issues?

Hi All -

 

I currently subscribe to Defender P1, with no known issues in the past.  Everything worked great after testing and deploying.  I would like to trial out P2, but I want to make sure it will not cause any issues.  It should not, right?  Does anyone have any experience with P2 blocking legitimate services and causing issues?

 

Part 2 - If I turn it on and it does cause issues, is the fastest way to fix it just turning it "off"?  I want to be as prepared as I can be.

 

Thanks

  • BMoreOs 

    Supposed not but you can gain more features on top of Microsoft Defender P1, after the trail of P2 and you decided not to subscribe for some reason, supposedly it will back to P1

  • Germaum's avatar
    Germaum
    Brass Contributor
    Basing on my experience, I haven't encountered any issues moving users from Defender P1 to P2.

    But I suggest doing it on a test user or few users first, then monitor it a few days. Can I also please know what specific services are you asking that might cause an issue?

    Part 2:
    Typically, you go back from P2 to P1. I also do not see any problems on this. The only issues that I encounter previously (very rare) is when I turn it off for few hours and turn it back on. It takes time sometime for changes to sync to the backend but most of the time there are no issues.
    • BMoreOs's avatar
      BMoreOs
      Brass Contributor
      Thanks for your reply. My biggest concern is any type of legacy software that we have setup causing a false positive. Our billing system connections, for example. I am worried about the below 4 items from P2:

      Core Defender Vulnerability Management capabilities
      Automated investigation and response
      Advanced hunting
      Endpoint detection and response

      I feel confident that it will not cause any issues but just want to be safe! Thanks

Resources