Microsoft Defender can now automatically isolate hacked endpoints
Microsoft Defender now offers a new containment capability: it can automatically isolate a hacked computer. This stops attackers from moving to other devices on the same network, which makes the rest of the environment safer.
Automatic isolation also helps security teams by giving them more time to fix the problem. The isolated computer can still communicate with the Defender service for monitoring. The feature is currently in preview.
| Feature | Release Status / Timeline | Key Details |
|---|---|---|
| Automatic Device Isolation | In Preview (as of May 2026) | Automatically isolates compromised end-user workstations to prevent lateral movement. Device retains connectivity to Defender for Endpoint for monitoring. Security operators can manually release devices. |
| Manual Containment for Unmanaged Devices | Announced June 20 |
Microsoft Defender Automatic Endpoint Isolation
Microsoft Defender now offers automatic isolation for hacked endpoints. The feature aims to block lateral movement by cutting the compromised device off from the network, which gives security teams more time to respond.
Containing Breaches Automatically
“Automatic isolation helps reduce the risk of further impact on the organization, limit attacker lateral movement, and prevent impacts such as data exfiltration and ransomware propagation.”
This represents a significant shift toward proactive, automated network defense. It can substantially reduce the risk of attackers spreading within a network, giving security teams critical time to respond to threats.
The feature balances automation with necessary human oversight. Automatic isolation should be deployed carefully to avoid disrupting legitimate work. Organizations can use it as part of a layered security strategy, and the preview allows for testing and feedback.



