Defender for Endpoint - EDR Block Mode

New Contributor

Hi All,

 

Is there anyway to verify that MDE is in block on mode on any given endpoint?  Is there a powershell command or similar we can use to verfy that EDR Block Mode is actually enabled?  Other than having it turned on in the Security Center's Advance Features section?

 

I have it turned on yet I see some Endpoints still showing security recommendations to turn it on.  Freshly onboarded and latest version of windows 10.  Defender is in active mode.

 

Any ideas?

 

Thanks in advance.

0 Replies