From 51f19fe9247751842ce48ae2fbf095fab858b0da Mon Sep 17 00:00:00 2001
From: Marysia Kaminska <85372436+marysiakam9889@users.noreply.github.com>
Date: Mon, 28 Feb 2022 11:25:01 -0800
Subject: [PATCH] Update defender-csp.md
adding new EDR block CSP (PassiveRemediation)
to be merged on date of next platform release & confirmed by Denise
---
windows/client-management/mdm/defender-csp.md | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index ef25d5205b..5cfdf4faa9 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -75,6 +75,7 @@ Defender
--------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------SecurityIntelligenceUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------DisableGradualRelease (Added with the 4.18.2106.5 Defender platform release)
+--------PassiveRemediation (Added with the 4.18.2202.X Defender platform release)
----Scan
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
@@ -821,6 +822,16 @@ More details:
- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+**Configuration/PassiveRemediation**
+This policy setting enables or disables EDR in block mode (recommended for devices running Microsoft Defender Antivirus in passive mode). For more information, see Endpoint detection and response in block mode | Microsoft Docs. Available with platform release: 4.18.2202.X
+
+The data type is integer
+
+Supported values:
+- 1: Turn EDR in block mode on
+- 0: Turn EDR in block mode off
+
+
**Scan**
Node that can be used to start a Windows Defender scan on a device.