New Microsoft Defender Feature Helps To Isolate Hacked, Vulnerable Devices

A new Microsoft Defender for Endpoint (MDE) feature will help organizations prevent attackers and malware from using compromised or vulnerable systems to move through networks.

Once compromised vulnerable Windows devices are contained by the new feature, the enterprise endpoint security platform will instruct Windows systems on the network to block all communication to and from the device.

However, the new feature is limited since it only works with onboarded devices running Windows 10 and later or Windows Server 2019 and later.

“Only devices running on Windows 10 and above will perform the Contain action meaning that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block ‘contained’ devices at this time,” Microsoft explains.

To contain a potentially compromised device, administrators are advised to go to the Device Inventory page of the Microsoft 365 Defender portal and select the device to contain. Next, they can select ‘Contain device’ from the actions menu in the device flyout. Lastly, they can type a comment on the contain device group and select ‘Confirm.’

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web