Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new ‘contain user’ capability in public preview.
According to Microsoft, Defender for Endpoint now prevents attackers’ lateral movement attempts within victims’ on-premises or cloud IT infrastructure by temporarily isolating the compromised user accounts they might exploit to achieve their objectives.
“Attack disruption achieves this outcome by containing compromised users across all devices to outmaneuver attackers before they have the chance to act maliciously, such as using accounts to move laterally, performing credential theft, data exfiltration, and encrypting remotely,” said Rob Lefferts, Corporate Vice President for Microsoft 365 Security.
According to Microsoft, when the initial stages of a human-operated attack are detected on an endpoint using signals from various Microsoft 365 Defender workloads, the automated attack disruption future will block the attack on that device.
Microsoft added automatic attack disruption to its Microsoft 365 Defender XDR solution in November 2022 during its annual Microsoft Ignite conference for developers and IT professionals.
LinkedIn Smart Links attacks return to target Microsoft accounts.