Microsoft Defender can now isolate compromised Linux endpoints (Security News, January 2023)
Microsoft announced today that it added device isolation support to Microsoft Defender for Endpoint on onboarded Linux devices.
Enterprise admins can manually isolate enrolled Linux machines, as part of a public preview, using the Microsoft 365 Defender portal or via API requests.
"Some attack scenarios may require you to isolate a device from the network. This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement," Microsoft explained.
"Just like in Windows devices, this device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, while continuing to monitor the device."
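To show what triggering the isolation action described above looks like in practice, here is an added example (not code from the article or from Microsoft) that builds and sends the isolate and release requests through the Defender for Endpoint REST API. The endpoint paths and body fields follow Microsoft's public API reference; the access token and machine ID are placeholders.

```python
"""Isolate (and later release) a Defender for Endpoint device via the REST API.

Added illustration, not Microsoft's own code. Paths and fields follow the
public API reference; token and machine ID below are placeholders.
"""
import json
import urllib.request

API_BASE = "https://api.securitycenter.microsoft.com/api"
ISOLATION_TYPES = ("Full", "Selective")  # the two values the API accepts


def build_action(machine_id, action, comment, token, isolation_type="Full"):
    """Return (url, headers, body) for an isolate or unisolate machine action.

    The comment is mandatory: it is stored on the resulting machine action
    and appears in the portal audit trail, so tie it to the incident.
    """
    if action not in ("isolate", "unisolate"):
        raise ValueError(f"unsupported action: {action}")
    if not comment.strip():
        raise ValueError("a non-empty comment is required")
    body = {"Comment": comment}
    if action == "isolate":
        if isolation_type not in ISOLATION_TYPES:
            raise ValueError(f"IsolationType must be one of {ISOLATION_TYPES}")
        body["IsolationType"] = isolation_type
    url = f"{API_BASE}/machines/{machine_id}/{action}"
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    return url, headers, body


def send_action(url, headers, body, timeout=30):
    """POST the action and return the machine action record as a dict."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholders: a real run needs an OAuth token authorised for the
    # isolate action and the device ID shown in the Defender portal.
    url, headers, body = build_action(
        "<machine-id>", "isolate",
        "INC-0001: suspected command-and-control beaconing", token="<access-token>"
    )
    print(url, json.dumps(body))  # send_action(url, headers, body) to run it
```

Releasing the device later is the same call with `action="unisolate"` and a closing comment; the returned machine action can be polled for completion status.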
On Linux endpoints, Microsoft Defender for Endpoint is a command-line product with antimalware and EDR capabilities designed to send all threat info it detects to the Microsoft 365 Defender portal.
Two years ago, Microsoft also announced the addition of live response capabilities for Linux devices in Microsoft Defender for Endpoint and included support for identifying and assessing the security configurations of Linux devices on enterprise networks.