Defender for Endpoint - EDR Block Mode

%3CLINGO-SUB%20id%3D%22lingo-sub-2424245%22%20slang%3D%22en-US%22%3EDefender%20for%20Endpoint%20-%20EDR%20Block%20Mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2424245%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anyway%20to%20verify%20that%20MDE%20is%20in%20block%20on%20mode%20on%20any%20given%20endpoint%3F%26nbsp%3B%20Is%20there%20a%20powershell%20command%20or%20similar%20we%20can%20use%20to%20verfy%20that%20EDR%20Block%20Mode%20is%20actually%20enabled%3F%26nbsp%3B%20Other%20than%20having%20it%20turned%20on%20in%20the%20Security%20Center's%20Advance%20Features%20section%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20it%20turned%20on%20yet%20I%20see%20some%20Endpoints%20still%20showing%20security%20recommendations%20to%20turn%20it%20on.%26nbsp%3B%20Freshly%20onboarded%20and%20latest%20version%20of%20windows%2010.%26nbsp%3B%20Defender%20is%20in%20active%20mode.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2424245%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEDR%20Block%20Mode%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMDE%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hi All,

 

Is there anyway to verify that MDE is in block on mode on any given endpoint?  Is there a powershell command or similar we can use to verfy that EDR Block Mode is actually enabled?  Other than having it turned on in the Security Center's Advance Features section?

 

I have it turned on yet I see some Endpoints still showing security recommendations to turn it on.  Freshly onboarded and latest version of windows 10.  Defender is in active mode.

 

Any ideas?

 

Thanks in advance.

0 Replies