MICROSOFT DEFENDER XDR & SENTINEL ARCHITECTURE

Provides EDR capabilities across Windows, macOS, Linux, and mobile. In a hardened deployment, EDR in block mode is enabled to actively remediate threats even when a third-party AV is present. Attack Surface Reduction rules are deployed via Intune policy with audit mode preceding enforcement.