Forum Discussion
Makkouk11
Sep 11, 2021 Copper Contributor
MDATP in passive mode
Hello everyone, I am currently using a 3rd-party AV. Will having MDATP installed in passive mode allow blocking unsanctioned apps?
shoando
Sep 17, 2021 Brass Contributor
The blocking settings for Unsanctioned App set in MCAS are applied to the Indicator settings of Defender for Endpoints.
I understand that the Defender for Endpoints Indicator settings currently work well on Windows 10 1709 and above or iOS.
And, I think that enabling Network Protection is a prerequisite for Windows 10.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide#before-you-begin
Even if Defender for Endpoints is in Block mode, it is stated that Defender AV must be running in Active mode in order to use Network Protection, so Defender AV in Active mode will be needed.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide#what-is-edr-in-block-mode
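The prerequisites named in the reply above can be checked on an endpoint with the built-in Defender cmdlets. The following is an added example, not part of the original thread; the function name `Test-IndicatorBlockingReadiness` is hypothetical, and the check covers only the three conditions mentioned in the reply (Windows 10 1709 or later, Defender AV in Active mode, Network Protection enabled).

```powershell
# Added example (not from the thread): evaluates the three prerequisites the
# reply lists for enforcing unsanctioned-app indicators on Windows 10.
function Test-IndicatorBlockingReadiness {
    param(
        [string]$AMRunningMode,            # from Get-MpComputerStatus
        [int]$EnableNetworkProtection,     # from Get-MpPreference: 0=off, 1=block, 2=audit
        [int]$OsBuild                      # Windows 10 1709 is build 16299
    )
    $findings = @()

    if ($OsBuild -lt 16299) {
        $findings += "OS build $OsBuild is older than Windows 10 1709 (16299)."
    }

    # 'Normal' is Active mode. 'Passive Mode', 'SxS Passive Mode' and
    # 'EDR Block Mode' all mean another AV is the primary product.
    if ($AMRunningMode -ne 'Normal') {
        $findings += "Defender AV running mode is '$AMRunningMode', not Active (Normal)."
    }

    switch ($EnableNetworkProtection) {
        1       { }   # block mode: indicators are enforced
        2       { $findings += "Network Protection is in audit mode: events are logged, nothing is blocked." }
        default { $findings += "Network Protection is disabled." }
    }

    [pscustomobject]@{
        Ready    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Live check on the local machine (requires the Defender module on the endpoint).
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
Test-IndicatorBlockingReadiness `
    -AMRunningMode $status.AMRunningMode `
    -EnableNetworkProtection $pref.EnableNetworkProtection `
    -OsBuild ([Environment]::OSVersion.Version.Build)

# Constructed input matching the question's scenario (3rd-party AV, Defender passive):
Test-IndicatorBlockingReadiness -AMRunningMode 'Passive Mode' -EnableNetworkProtection 1 -OsBuild 19043
```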