Defender ATP and Defender Antivirus
You are on the right track. I am also working on a similar project (my AV is not CrowdStrike) and after reading all the documentation available online, you have to use SCCM/Intune or both to enable Defender ATP. My Defender is running in passive mode but it still picks up some files and sends them to the cloud (if you have cloud protection on) to verify.
In SCCM, you need a Defender ATP onboarding policy to register the endpoint to the Defender tenant (onboard) and an antimalware policy to enable AV features.
I am also looking at enabling a Defender Exploit Guard policy to enable ASR rules and network protection/web protection.
So far the issue is managing multiple portals/places:
1. SCCM
2. Intune
3. securitycenter.windows.com
4. security.microsoft.com (to look at ASR rules)
- David Caddick, Jun 21, 2020, Iron Contributor
kp_3up_u Just wondering if you might be able to help - I'm trying to find out what "Defender AV" exclusion rules are needed to enable Defender AV in passive mode when being used alongside another 3rd party AV tool?