Microsoft Defender for Endpoint has been updated to isolate unmanaged Windows devices on organizations' networks that have been impacted, or are suspected to have been affected, by cyberattacks, BleepingComputer reports.
Microsoft noted that Defender for Endpoint will prevent communications to and from devices that have been flagged as contained, in an effort to curb lateral movement by threat actors.
"This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device," added Microsoft. System administrators looking to determine whether their devices are compromised can check the Microsoft 365 Defender portal's 'Device Inventory' page, then select the 'Contain device' option and confirm at the 'Confirm' prompt, with communication blocking taking effect five minutes after device containment.
Devices that have been isolated can be removed from containment by selecting an option within 'Device Inventory'. However, the device containment feature can only be used on devices running Windows 10 or Windows Server 2019 and later, according to Microsoft.
Compromised unmanaged devices isolated by Microsoft Defender