cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Onboarding Windows Server 2022 to MDE.

basvhoof
Copper Contributor

‎Mar 03 2023 02:30 AM

‎Mar 03 2023 02:30 AM

Onboarding Windows Server 2022 to MDE.

Currently we are preparing to to move from a non-Microsoft endpoint protection solution to Microsoft Defender for Endpoint. On Windows Server 2022 we did set the registry key to enable passive mode(ForceDefenderPassiveMode = 1). Behavior is 2022 servers are in passive mode, but when we check the state using Powershell(Get-MpComputerStatus | select AMRunningMode) it is giving Mode =Normal.

We expect Mode is "Passive" instead of "Normal". 

Is this all correct or should it be as expected("Passive" Mode)?

1,825 Views
1 Like
4 Replies
Reply
4 Replies
best response confirmed by basvhoof (Copper Contributor)
Antons Bukels

‎Mar 03 2023 03:47 AM

‎Mar 03 2023 03:47 AM

Solution

Re: Onboarding Windows Server 2022 to MDE.

Hi @basvhoof,

 

You are correct about Normal mode. Normal mode means Defender is acting as the primary AV. It is not enough to set up just the registry key, you also need a server to be onboarded to Defender for Endpoint before it can go to the passive mode. Has this server been onboarded to the MDE? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivi... 

1 Like
Reply
basvhoof

‎Mar 03 2023 04:36 AM

‎Mar 03 2023 04:36 AM

Re: Onboarding Windows Server 2022 to MDE.

Thanks for your reply, server is not onboarded yet. Primary AV at this moment is a non-Microsoft antivirus/antimalware solution. So we assumed it should be in Passive mode using the PowerShell command.
0 Likes
Reply
gilblumberg

‎Mar 05 2023 06:12 PM

‎Mar 05 2023 06:12 PM

Re: Onboarding Windows Server 2022 to MDE.

Very helpful thanks. Does that mean though that should still set the registry key to enable passive mode ahead prior to be being onboarded into MDE, and it will then activate passive mode once onboarded?

Or only set that registry after onboarded?
0 Likes
Reply
Antons Bukels

‎Mar 06 2023 05:41 AM

‎Mar 06 2023 05:41 AM

Re: Onboarding Windows Server 2022 to MDE.

@gilblumberg, that's correct. You need to set the registry key first, and once onboarded, the passive mode gets activated. Migrate to Microsoft Defender for Endpoint - Setup | Microsoft Learn

 

If you try to do this later, the tamper protection will prevent you from changing the registry. And you do not want to disable the tamper protection. Therefore, it is best to have the registry key before you have onboarded a server.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by basvhoof (Copper Contributor)
Antons Bukels

‎Mar 03 2023 03:47 AM

‎Mar 03 2023 03:47 AM

Solution

Re: Onboarding Windows Server 2022 to MDE.

Hi @basvhoof,

 

You are correct about Normal mode. Normal mode means Defender is acting as the primary AV. It is not enough to set up just the registry key, you also need a server to be onboarded to Defender for Endpoint before it can go to the passive mode. Has this server been onboarded to the MDE? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivi... 

View solution in original post

1 Like
Reply