If you’re using a non-Microsoft antivirus/antimalware product, you can run Microsoft Defender Antivirus in passive mode with non-Microsoft antivirus solution.
Comparing active mode, passive mode, and disabled mode
The following table describes what to expect when Microsoft Defender Antivirus is in active mode, passive mode, or disabled.
First you need to know who is protecting you
By going to search —– type security choose windows security then under who is protecting me? —-manage providers
Or from power shell
Get-MpComputerStatus | FL amrunningmode
The results will be as follows.
Normal: Microsoft Defender Antivirus is running in active mode.
Passive: Microsoft Defender Antivirus is running but not a primary antivirus/malware solution. Passive mode is only available for devices onboarded to defender for endpoint.
There are some requirements for passive mode.
EDR Block Mode: Microsoft Defender Antivirus is running and Endpoint detection and response (EDR) in block mode, a capability in Microsoft Defender for Endpoint, is enabled.
let’s talk about two parts when defender antivirus alongside with non-Microsoft antivirus/antimalware.
- Antivirus protection without defender for endpoint
- Antivirus protection with defender for endpoint
Antivirus protection without Defender for Endpoint
So, if the primary is Microsoft, then it will be active mode if primary is non Microsoft, it will be disabled (if not boarded to endpoint) so it is better to onboard it.
For servers it is not automatically you have to change registry.
Microsoft Defender Antivirus and non-Microsoft antivirus/antimalware solutions
Now how the defender for endpoint affects functionality when onboarded.
The following table will summarize features and capabilities that will be working or not.
Microsoft Systems, Cloud and azure professionals 