Microsoft is testing a new Defender for Endpoint capability that can automatically isolate compromised devices to stop lateral movement and reduce the impact of attacks. The preview feature keeps isolated endpoints connected to Microsoft Defender for Endpoint for monitoring and is part of automatic attack disruption.
Key points
- Microsoft is previewing automatic isolation for compromised endpoints in Defender for Endpoint.
- The feature is designed to limit attacker lateral movement and contain incidents faster.
- Isolated devices lose network access but stay connected to Microsoft Defender for Endpoint monitoring.
- Security teams can release devices from isolation after investigation and risk mitigation.
- Microsoft is also expanding isolation and scanning capabilities across Windows and Linux devices.