Forum Discussion
Can Microsoft Defender XDR operate in a passive mode alongside Palo Alto Cortex XDR?
Our organization is planning to transition from Microsoft Defender to Cortex XDR, primarily because Cortex offers 24 hours SOC analyst support. However, we would still like to retain Defender XDR as we have business premium license which have defender for business. Can we continue to collect and query logs using KQL (via Microsoft 365 Defender portal) even if Defender is no longer the primary active endpoint protection
1 Reply
I believe yes. You should also consider enabling EDR in block mode to provide additional layer of security.
