From 09d6f140eb965da414ab5ec15067406380bad390 Mon Sep 17 00:00:00 2001 From: "Yong Rhee [MSFT]" <56358587+YongRhee-MSFT@users.noreply.github.com> Date: Tue, 21 Jan 2025 08:34:57 -0800 Subject: [PATCH 1/2] Update microsoft-defender-antivirus-compatibility.md Added info about the EDR response actions. --- defender-endpoint/microsoft-defender-antivirus-compatibility.md | 1 + 1 file changed, 1 insertion(+) diff --git a/defender-endpoint/microsoft-defender-antivirus-compatibility.md b/defender-endpoint/microsoft-defender-antivirus-compatibility.md index c53d7c84e8..b8468caa53 100644 --- a/defender-endpoint/microsoft-defender-antivirus-compatibility.md +++ b/defender-endpoint/microsoft-defender-antivirus-compatibility.md @@ -213,6 +213,7 @@ You can use one of several methods to confirm the state of Microsoft Defender An > - To switch Microsoft Defender Antivirus to passive mode, even if it was disabled before onboarding, you can apply the [ForceDefenderPassiveMode configuration](switch-to-mde-phase-2.md#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) with a value of `1`. To place it into active mode, switch this value to `0` instead. > > Note the modified logic for `ForceDefenderPassiveMode` when tamper protection is enabled: Once Microsoft Defender Antivirus is toggled to active mode, tamper protection prevents it from going back into passive mode even when `ForceDefenderPassiveMode` is set to `1`. +> All Microsoft Defender for Endpoint – EDR response actions work in Passive mode whether or not in EDR in block mode. ### Use the Windows Security app to identify your antivirus app From 63a51f97c860bc991e170e59a980a0927587115a Mon Sep 17 00:00:00 2001 From: Emm Walsh Date: Thu, 23 Jan 2025 12:55:00 +0000 Subject: [PATCH 2/2] Clarify EDR response actions in passive mode --- defender-endpoint/microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/defender-endpoint/microsoft-defender-antivirus-compatibility.md b/defender-endpoint/microsoft-defender-antivirus-compatibility.md index b8468caa53..7c771d1a9d 100644 --- a/defender-endpoint/microsoft-defender-antivirus-compatibility.md +++ b/defender-endpoint/microsoft-defender-antivirus-compatibility.md @@ -213,7 +213,7 @@ You can use one of several methods to confirm the state of Microsoft Defender An > - To switch Microsoft Defender Antivirus to passive mode, even if it was disabled before onboarding, you can apply the [ForceDefenderPassiveMode configuration](switch-to-mde-phase-2.md#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) with a value of `1`. To place it into active mode, switch this value to `0` instead. > > Note the modified logic for `ForceDefenderPassiveMode` when tamper protection is enabled: Once Microsoft Defender Antivirus is toggled to active mode, tamper protection prevents it from going back into passive mode even when `ForceDefenderPassiveMode` is set to `1`. -> All Microsoft Defender for Endpoint – EDR response actions work in Passive mode whether or not in EDR in block mode. +>Microsoft Defender for Endpoint – EDR response actions always operate in Passive mode, even if EDR is in block mode. ### Use the Windows Security app to identify your antivirus app
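Review bot: In [PATCH 1/2], the added `> All Microsoft Defender for Endpoint` line directly follows the `> Note the modified logic for ForceDefenderPassiveMode` line with no empty `>` line between them, so Markdown will render it as a continuation of the tamper protection paragraph instead of as a separate statement. Put a `>` separator line before it, or make it its own `> -` bullet like the item above. The wording "whether or not in EDR in block mode" is also hard to parse because it has no subject, and "Passive mode" is capitalized while the context lines in the same hunk write "passive mode". Consider saying explicitly that it is Microsoft Defender Antivirus that is in passive mode, since that is what the surrounding lines discuss.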
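Review bot: In [PATCH 2/2], the replacement line changes the meaning rather than only the wording. The removed line says the EDR response actions "work in Passive mode whether or not" EDR in block mode applies, while the added line says they "always operate in Passive mode", which reads as the response actions themselves running in passive mode. Please confirm which statement is intended. If the point is unchanged from 1/2, keep "work" and name what is in passive mode. The added line also begins `>Microsoft` with no space after `>`, unlike the `> ` prefix on the neighbouring lines, "Passive" is still capitalized where the context lines use "passive mode", and there is still no empty `>` line separating it from the `ForceDefenderPassiveMode` note above it.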