Guidelines have been created for what can be done with Microsoft Defender for Endpoint (MDE) in Passive mode alongside third-party solutions vs Active mode. The Deploying Microsoft Defender for Endpoint Alongside Third-party Security Products guidance has been added to the security playbook (aka.ms/FTSecurityPlaybook) under the MDE section.
The document helps to:
- Identify scenarios where MDE can coexist with third party Endpoint Detection and Response (EDR) and Endpoint Protection Platform (EPP) products.
- Describe MDE features and benefits when Antivirus (AV) is in passive mode.
- Describe how MDE can improve security posture when a third party EDR or EPP product is present.
What did not change?
The MDE Deployment guidance contains:
- Onboard devices to Microsoft Defender for Endpoint (MDE)
- Configure Endpoint protection that meets customer needs:
- Best posture: MDE Active Mode
- Next best posture: MDE Passive Mode with EDR in Block Mode
- Next best posture: MDE Passive Mode
- Recommend running Secure Score regularly and implementing a plan to remediate findings
