Cybersecurity News

Microsoft Defender now isolates hacked, unmanaged Windows devices

Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.

There’s a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.

“Only devices running on Windows 10 and above will perform the Contain action meaning that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block ‘contained’ devices at this time,” Microsoft added.

Go to the ‘Device inventory’ page in the Microsoft 365 Defender portal and select the device to contain.

After you contain an unmanaged device, it can take up to 5 minutes for Microsoft Defender for Endpoint onboarded devices to start blocking communications.

If any of the contained devices on the network will change its IP address, all enrolled devices will recognize this and begin blocking communications with the new IP address.

Stay on Top of Cyber Threats!
Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Recent Cybersecurity News

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

No engagement. We answer within 24h.
Scroll to Top

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email