Apr 11 2021 04:46 PM - edited Apr 12 2021 07:33 PM
Microsoft documentation states EDR feature is supported on older windows server versions like Server 2012/2016. Then it goes on to say to deploy the MMA agent. But, isn't MMA agent just a read-only log analytics agent that can only report the status of the server but can take no action.
Hence, EDR means only detection but no response. Am I correct in understanding that? We are evaluating Defender for Servers and have gone through quite a lot of documentation but still no definitive answer.