Defender for Endpoint - EDR Block Mode

Brass Contributor

Hi All,


Is there any way to verify that MDE is in block mode on any given endpoint? Is there a PowerShell command or similar we can use to verify that EDR Block Mode is actually enabled? Other than having it turned on in the Security Center's Advanced Features section?


I have it turned on, yet I see some endpoints still showing security recommendations to turn it on. Freshly onboarded and latest version of Windows 10. Defender is in active mode.


Any ideas?


Thanks in advance.

0 Replies