Microsoft Defender can now automatically isolate hacked endpoints

Microsoft is testing a Microsoft Defender for Endpoint feature that automatically isolates compromised devices to hinder lateral movement. It severs network access while keeping management channels live for investigation and recovery.
This compresses response time and shifts containment from manual playbooks to policy. Teams should validate coverage on critical assets, tune isolation thresholds, and define override paths to limit disruption.
Source: Telegram "sitreports"