Forum Discussion

Copper Contributor

Mar 03, 2023

Solved

Onboarding Windows Server 2022 to MDE.

Currently we are preparing to to move from a non-Microsoft endpoint protection solution to https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=...

Antons Bukels
Mar 03, 2023
Hi basvhoof,

You are correct about Normal mode. Normal mode means Defender is acting as the primary AV. It is not enough to set up just the registry key, you also need a server to be onboarded to Defender for Endpoint before it can go to the passive mode. Has this server been onboarded to the MDE? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide

gilblumberg

Iron Contributor

Mar 06, 2023

Very helpful thanks. Does that mean though that should still set the registry key to enable passive mode ahead prior to be being onboarded into MDE, and it will then activate passive mode once onboarded?

Or only set that registry after onboarded?

Antons Bukels

Brass Contributor

Mar 06, 2023

gilblumberg, that's correct. You need to set the registry key first, and once onboarded, the passive mode gets activated. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide

If you try to do this later, the tamper protection will prevent you from changing the registry. And you do not want to disable the tamper protection. Therefore, it is best to have the registry key before you have onboarded a server.