Is there anyway to verify that MDE is in block on mode on any given endpoint? Is there a powershell command or similar we can use to verfy that EDR Block Mode is actually enabled? Other than having it turned on in the Security Center's Advance Features section?
I have it turned on yet I see some Endpoints still showing security recommendations to turn it on. Freshly onboarded and latest version of windows 10. Defender is in active mode.