Aug 04 2021 09:19 AM
HI Team
Cannot we enable block mode on some machines and audit mode on some machines for ATP/EDR? In Mcafee and other vendors, we have an option to deploy EDR in audit mode on some machines and block mode on others. DO wehave same in MS here. Please elaborate.
Aug 06 2021 09:27 AM
@Harithacissp EDR in block mode provides an additional layer of protections against malicious artifacts when Microsoft Defender Av is not the primary product and is running in passive mode. Please check the official document for more info
Endpoint detection and response in block mode | Microsoft Docs