Forum Discussion
Onboarding Windows Server 2022 to MDE.
Hi basvhoof,
You are correct about Normal mode. Normal mode means Defender is acting as the primary AV. It is not enough to set up just the registry key, you also need a server to be onboarded to Defender for Endpoint before it can go to the passive mode. Has this server been onboarded to the MDE? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
Hi basvhoof,
You are correct about Normal mode. Normal mode means Defender is acting as the primary AV. It is not enough to set up just the registry key, you also need a server to be onboarded to Defender for Endpoint before it can go to the passive mode. Has this server been onboarded to the MDE? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
- Very helpful thanks. Does that mean though that should still set the registry key to enable passive mode ahead prior to be being onboarded into MDE, and it will then activate passive mode once onboarded?
Or only set that registry after onboarded?gilblumberg, that's correct. You need to set the registry key first, and once onboarded, the passive mode gets activated. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide
If you try to do this later, the tamper protection will prevent you from changing the registry. And you do not want to disable the tamper protection. Therefore, it is best to have the registry key before you have onboarded a server.
- Thanks for your reply, server is not onboarded yet. Primary AV at this moment is a non-Microsoft antivirus/antimalware solution. So we assumed it should be in Passive mode using the PowerShell command.
