Security News > 2022 > June > Microsoft Defender now isolates hacked, unmanaged Windows devices
Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.
There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.
"Only devices running on Windows 10 and above will perform the Contain action meaning that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block 'contained' devices at this time," Microsoft added.
Go to the 'Device inventory' page in the Microsoft 365 Defender portal and select the device to contain.
After you contain an unmanaged device, it can take up to 5 minutes for Microsoft Defender for Endpoint onboarded devices to start blocking communications.
If any of the contained devices on the network will change its IP address, all enrolled devices will recognize this and begin blocking communications with the new IP address.
News URL
Related news
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft Delays Recall Launch for Windows Insider Members Until October (source)
- Microsoft is trying to reduce Windows 11's desktop spotlight clutter (source)