Forum Discussion
Using MDE (Passive Mode) with Palo Alto Cortex XDR to enable Defender for IoT (Enterprise IoT)
MDE in Passive Mode for Enterprise IoT:
Yes - Defender for Endpoint can run in Passive Mode alongside another XDR and still act as the sensor for Enterprise IoT. Enterprise IoT discovery and monitoring rely on MDE’s device discovery and network telemetry, not on Defender being the primary EDR or antivirus. Running MDE in Passive Mode preserves the IoT inventory, vulnerability insights, recommendations, and alerts in Defender XDR, with response actions remaining with the primary EDR.
Appliance sensor in Enterprise IT networks:
No - the Defender for IoT appliance (network) sensor is designed for OT/ICS environments, not for enterprise IT (offices/campuses). For Enterprise IoT, the recommended approach is MDE-based discovery.
NOTE: If I am correct, the use of the standalone Enterprise IoT sensor model is now deprecated in favor of utilising the MDE agents, even when MDE operates in Passive Mode.
Coexistence and complementary sensors:
Coexistence is technically possible but not recommended for Enterprise IoT. Use MDE-based Enterprise IoT for corporate IT and OT sensors only where OT/ICS exists. Deploying both for the same enterprise IT segments adds complexity without additional EIoT value and can create unnecessary overlap; licensing also differs, with OT sensors licensed separately.
If you find the answer useful, please do not forget to like and mark it as a solution 🙂