Unable to set Server 2019 1809 Defender passive mode

A S 1 Reputation point

I've to set a Windows Server 2019 1809 Defender into passive mode.
I followed the instructions on microsoft-defender-antivirus-on-windows-server and set Defender into passive mode using a registry key. I also did a reboot of the server.

Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
Name: ForceDefenderPassiveMode
Value: 1

To check Defender mode I run the powershell commad "Get-MpComputerStatus" to get the AMRunningMode, as discribed here:
edr-in-block-mode - How do I confirm Microsoft Defender Antivirus is in active or passive mode?.

As result, AMRunningMode is still "Normal" instead "Passive Mode".

I'm wondering, why the registry key isn't working.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,555 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Leon Laude 85,701 Reputation points

    Hi @A S ,

    Have you made sure you meet all the requirements to run Microsoft Defender Antivirus in passive mode?

    Requirements for Microsoft Defender Antivirus to run in passive mode

    In order for Microsoft Defender Antivirus to run in passive mode, endpoints must meet the following requirements:

    • Operating system: Windows 10 or later; Windows Server, version 1803, or newer; or Windows Server 2019
    • Microsoft Defender Antivirus must be installed
    • Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution
    • Endpoints must be onboarded to Defender for Endpoint



    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,

  2. Sebastian Cerazy 306 Reputation points

    The last condition is as vital as other 3 - Endpoints must be onboarded to Defender for Endpoint https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide Without it there is no way to nake it Passive, as soon as it is onboarded, it becomes Passive instantly Seb

    0 comments No comments