Hello Everyone,
We're currently in the process of onboarding MDE via scripts on several Windows 10 and 11 PCs. These PCs have proxies configured in Settings > Network & internet > Proxy > Manual proxy setup. Additionally, they have a 3rd party EDR solution active.
While the onboarding scripts run without errors, the devices aren't appearing online in the defender portal under Assets. Upon running the Analyzer tool, we identified communication errors. Unfortunately, we couldn't utilize PSExec due to restrictions imposed by the 3rd party EDR.
Here are the areas where we need guidance:
1. Is the proxy configuration method correct? Does it ensure that all traffic initiated from the PC passes through the proxy, including Defender for Endpoint traffic?
2. What's the ideal proxy configuration method for Windows?
3. Since we can't use Powershell or PSExec, is there an alternative method to check Defender version and service status?
4. Should we exempt the path "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection" and allow Powershell scripts from this location?
5. Will allowing all the URLs provided by Microsoft in the Excel file ensure full functionality of MDE? Can we allow based on IP with Proxy setup instead of URLs?
6. Is it necessary to exempt the processes used by MDE in Windows 10 and 11 from the 3rd party EDR?
Awaiting your valuable insights and assistance on these queries.
Thanks in advance.
