Security News > 2022 > June > Microsoft Defender now isolates hacked, unmanaged Windows devices
Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.
There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.
"Only devices running on Windows 10 and above will perform the Contain action meaning that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block 'contained' devices at this time," Microsoft added.
Go to the 'Device inventory' page in the Microsoft 365 Defender portal and select the device to contain.
After you contain an unmanaged device, it can take up to 5 minutes for Microsoft Defender for Endpoint onboarded devices to start blocking communications.
If any of the contained devices on the network will change its IP address, all enrolled devices will recognize this and begin blocking communications with the new IP address.
News URL
Related news
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs (source)
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)
- Microsoft blocks Windows 11 24H2 on some PCs with USB scanners (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft says having a TPM is "non-negotiable" for Windows 11 (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)