Forum Discussion
Austin Ewachiw
Mar 08, 2023
Copper Contributor
We have some Sophos Endpoints, what would happen if I enrolled them into the MS Defender cloud?
We have a small percentage of high value users that we upgraded standard endpoint to Sophos Endpoint with Intercept X. For the remainder of the devices, I have begun enrolling them into MS 365 Defen...
Groove200
Brass Contributor
It would work fine, Defender would show as being in EDR Block Mode, Sophos would still be the active AV.
To switch tamper off on Sophos, uninstall and then Defender (after reboot) would become the active AV.
We're mid-migrating all devices off of Sophos so are familiar with how it works. If Sophos is active AV, you still get most of the rich info from Defender, and a little bit of extended protection from EDR block mode (which is a post-infection detection defence, as opposed to the proactive that the AV is providing).
Jonhed
Apr 21, 2023
Steel Contributor
If Sophos is just AV, it will work fine as others have mentioned.
MDE does not support environments with other EDR software installed (or so I was told by support in the past), so you should check if Intercept X includes EDR functionality though.
I do not have any experience with Sophos, but looking at the link below it looks like EDR might be included.
https://www.sophos.com/en-us/products/endpoint-antivirus