Microsoft Defender now auto-isolates compromised accounts

Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new ‘contain user’ capability in public preview.

According to Microsoft, Defender for Endpoint now prevents attackers’ lateral movement attempts within victims’ on-premises or cloud IT infrastructure by temporarily isolating the compromised user accounts they might exploit to achieve their objectives.

“Attack disruption achieves this outcome by containing compromised users across all devices to outmaneuver attackers before they have the chance to act maliciously, such as using accounts to move laterally, performing credential theft, data exfiltration, and encrypting remotely,” said Rob Lefferts, Corporate Vice President for Microsoft 365 Security.

According to Microsoft, when the initial stages of a human-operated attack are detected on an endpoint using signals from various Microsoft 365 Defender workloads, the automated attack disruption future will block the attack on that device.

Microsoft added automatic attack disruption to its Microsoft 365 Defender XDR solution in November 2022 during its annual Microsoft Ignite conference for developers and IT professionals.

LinkedIn Smart Links attacks return to target Microsoft accounts.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.