Microsoft Defender can now automatically isolate hacked endpoints
2 min read
Microsoft Defender can now automatically isolate hacked endpoints.
Importantly, this new feature helps protect entire networks. Specifically, it automatically isolates compromised endpoints. Moreover, this stops attackers from moving to other devices. However, the device stays connected to Microsoft Defender for Endpoint for monitoring.
Similarly, security teams get more time to fix problems. Therefore, this reduces the risk of widespread damage. Consequently, organizations can better defend against attacks like ransomware.
| Feature | Availability | Description |
|---|---|---|
| Automatic Device Isolation | Preview (May 2026) | Automatically isolates compromised onboarded end-user workstations from the network while retaining Defender for Endpoint service connectivity to block lateral movement, data exfiltration, and ransomware propagation. |
| Manual Device Containment (Unmanaged Windows) | GA (June 2022) | Admins can manually contain compromised unmanaged Windows devices by cutting off incoming and outgoing communication with onboarded Defender for Endpoint endpoints. |
| Linux Device Isolation | GA (October 2023) | Device isolation support extended to onboarded Linux endpoints, enabling containment of compromised Linux machines within enterprise environments. |
| Automatic Account Isolation | GA (October 2023) | Isolates compromised user accounts as part of automatic attack disruption, specifically targeting and blocking lateral movement in hands-on-keyboard ransomware attacks. |
| Auto-blocking Undiscovered Endpoints | Preview (2025–2026) | Automatically blocks traffic to and from undiscovered Windows endpoints, preventing attackers from breaching non-compromised devices that lack full onboarding. |
Automatic Isolation in Microsoft Defender
Auto-Isolation Thwarts Lateral Movement
“When a device in your organization is suspected to be compromised, Microsoft Defender for Endpoint can automatically isolate the device as part of automatic attack disruption,” Microsoft said.
Ultimately, this update helps protect everyone. In conclusion, it can automatically isolate compromised devices. Looking ahead, this keeps your entire network safer. As a result, it stops attackers from spreading. Therefore, it gives security teams more time. Thus, the system protects important data automatically. Hence, it is a powerful tool for your organization. In summary, it enhances safety for all users. To conclude, it is a positive step forward. Finally, this technology helps create a more secure digital environment for everyone.
Ultimately, this new feature helps organizations protect their systems. Consequently, it stops attackers from moving easily across a network. Thus, security teams get more time to respond to threats.
Therefore, this tool is part of Microsoft’s growing security efforts. In summary, it makes protection more automatic for everyone. Accordingly, it shows a focus on simpler, faster defense for users.
