Swapping Symantec for Defender ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-1051957%22%20slang%3D%22en-US%22%3ESwapping%20Symantec%20for%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1051957%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20anyone%20had%20any%20experience%20with%20swapping%20out%20SEP%20for%20Defender%20ATP%3F%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EWe%20are%20looking%20at%20deploying%26nbsp%3BDefender%20ATP%20as%20a%20%E2%80%9Cminimum%20viable%20product%E2%80%9D%20with%20some%20of%20the%20more%20aggressive%20settings%20enabled%20in%20%E2%80%9CAudit%20only%E2%80%9D%20mode%20-%26nbsp%3BIf%20this%20is%20done%20%E2%80%93%20then%20the%20protection%20is%20not%20in%20place%E2%80%A6%3F%3C%2FP%3E%3CP%3ESo%20do%20we%20need%20to%20run%20SEP%20%2B%20Defender%20ATP%20in%20Audit%20only%20mode%20together%20for%20a%20period%3F%3C%2FP%3E%3CP%3EThen%20turn%20on%20Defender%20ATP%20policies%20in%20enforcement%20mode%20%2B%20remove%20SEP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20done%20this%20in%20scale%20anywhere%3F%3C%2FP%3E%3CP%3EWe%E2%80%99re%20assuming%20that%20someone%20has%20%E2%80%93%20any%20potential%20dramas%20to%20be%20aware%20of%20that%20we%20should%20avoid%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055533%22%20slang%3D%22en-US%22%3ERe%3A%20Swapping%20Symantec%20for%20Defender%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055533%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F129396%22%20target%3D%22_blank%22%3E%40David%20Caddick%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Has anyone had any experience with swapping out SEP for Defender ATP?


We are looking at deploying Defender ATP as a “minimum viable product” with some of the more aggressive settings enabled in “Audit only” mode - If this is done – then the protection is not in place…?

So do we need to run SEP + Defender ATP in Audit only mode together for a period?

Then turn on Defender ATP policies in enforcement mode + remove SEP?

 

Has anyone done this in scale anywhere?

We’re assuming that someone has – any potential dramas to be aware of that we should avoid?

1 Reply