Forum Discussion
Microsoft Defender for Endpoint (MDE) P2 - Deployed to endpoints by only enabling Tamper Protection?
Tamper protection will not enable MDE plan 2 features. You need the license itself for this. As far as I know MDE will only run in passive mode if a third party AV is detected. Do you have a third party AV installed or just the EDR? Also, how are you onboarding the devices on MDE?
Hello rahuljindal.
They were acquired before our EDR managed solution engagement, but we have 180+ licenses for MDE P2. We show two assigned via the tenant (subscription products) assigned licensing. Likewise, reporting via Azure licensing reports the same.
However, within the endpoints > licensing the report indicates: 255 /183 used.
I will check with the team to ask if the onboarding to our tenant happens via Intune/configuration manager or scripted. Only ADDS joined "Windows" systems show as onboarded. There is currently no AV installed other than WDE/MDE. We intended, and still very much desire to use Windows Defender or MDE P1 as our AV on the endpoints - not P2.
Since we have P2 licenses, MS automatically deploys this as it is of a higher level than our P1 licenses. It looks like the option to set P1 specifically vs. the higher-level P2 is available (in preview).
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide&tabs=mixed
Below is the link I have used to discover the active / passive mode and relation to "Tamper Protection". https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
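One way to check, on an endpoint, the active/passive mode and Tamper Protection state discussed in this thread. This is an added example, not part of any post; it assumes a Windows device with the Defender PowerShell module and the standard MDE onboarding status registry key.

```powershell
# Added example: run locally on the Windows endpoint you want to verify.
$mp = Get-MpComputerStatus

# Onboarding state written by the MDE sensor; a value of 1 means onboarded.
$statusKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarding = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState

# "Sense" is the MDE EDR sensor service.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$senseState = if ($sense) { [string]$sense.Status } else { 'Not installed' }

$report = [pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    AVRunningMode      = $mp.AMRunningMode            # e.g. Normal, Passive Mode, EDR Block Mode
    TamperProtected    = $mp.IsTamperProtected
    RealTimeProtection = $mp.RealTimeProtectionEnabled
    SenseService       = $senseState
    Onboarded          = ($onboarding -eq 1)
}
$report | Format-List

# Flag the combinations that matter for the question in this thread.
if ($report.AVRunningMode -match 'Passive') {
    Write-Warning 'Defender Antivirus is in passive mode: it is not the primary AV on this device.'
}
if (-not $report.TamperProtected) {
    Write-Warning 'Tamper Protection is off: local changes to Defender settings are not blocked.'
}
if ($report.Onboarded -and $report.SenseService -ne 'Running') {
    Write-Warning 'Device is marked onboarded but the Sense service is not running.'
}
if (-not $report.Onboarded) {
    Write-Warning 'No MDE onboarding state found: the device has not been onboarded to the tenant.'
}
```

Tamper Protection state and onboarding state are reported separately here, so a device can show one without the other.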