Best Practice to Enable Software Blades

We recommend you to enable the Software Blade and the operating modes in the order shown in the table below.

  • Add exclusions before you enable a Software Blade.

  • Enable the Software Blade on a test group before you enable it on the organization level.

table below

Table 1. Order to enable Security Blades at the organization level
Order Software Blade Operating Mode Applicable Group Level
1.1 Anti-Malware1,2,3 Prevent Test
1.2 Prevent Organization
2.1 Forensics Prevent Test
2.2 Off Organization
3.1 Anti-Ransomware and Behavioral Guard1 Detect Test
3.2 Detect Organization
3.3 Prevent Test
3.4 Prevent Organization
4.1 Threat Emulation1 Prevent Test
4.2 Prevent Organization
5.1 Anti-Exploit1 Detect Test
5.2 Detect Organization
5.3 Prevent Test
5.4 Prevent Organization
6.1 Anti-Bot1 and URL Filtering1 Detect Test
6.2 Detect Organization
6.3 Prevent Test
6.4 Prevent Organization
7.1 Analysis and Remediation1 High Test
7.2 High Organization
7.3 Always Test
7.4 Always Organization

1 Add exclusions before enabling the blade.

2 Schedule the scan during non-active period.

3 To add exclusions, see sk122706.