Microsoft Defender P1 and P2 - Any issues?

Brass Contributor

Hi All -

 

I currently subscribe to Defender P1, with no known issues in the past.  Everything worked great after testing and deploying.  I would like to trial out P2, but I want to make sure it will not cause any issues.  It should not, right?  Does anyone have any experience with P2 blocking legitimate services and causing issues?

 

Part 2 - If I turn it on and it does cause issues, is the fastest way to fix it just turning it "off"?  I want to be as prepared as I can be.

 

Thanks

3 Replies
Basing on my experience, I haven't encountered any issues moving users from Defender P1 to P2.

But I suggest doing it on a test user or few users first, then monitor it a few days. Can I also please know what specific services are you asking that might cause an issue?

Part 2:
Typically, you go back from P2 to P1. I also do not see any problems on this. The only issues that I encounter previously (very rare) is when I turn it off for few hours and turn it back on. It takes time sometime for changes to sync to the backend but most of the time there are no issues.
Thanks for your reply. My biggest concern is any type of legacy software that we have setup causing a false positive. Our billing system connections, for example. I am worried about the below 4 items from P2:

Core Defender Vulnerability Management capabilities
Automated investigation and response
Advanced hunting
Endpoint detection and response

I feel confident that it will not cause any issues but just want to be safe! Thanks

@BMoreOs 

Supposed not but you can gain more features on top of Microsoft Defender P1, after the trail of P2 and you decided not to subscribe for some reason, supposedly it will back to P1