Has anyone had any experience with swapping out SEP for Defender ATP?

We are looking at deploying Defender ATP as a “minimum viable product” with some of the more aggressive settings enabled in “Audit only” mode - If this is done – then the protection is not in place…?

So do we need to run SEP + Defender ATP in Audit only mode together for a period?

Then turn on Defender ATP policies in enforcement mode + remove SEP?

Has anyone done this in scale anywhere?

We’re assuming that someone has – any potential dramas to be aware of that we should avoid?