
Compromised unmanaged devices isolated by Microsoft Defender

Microsoft Defender for Endpoint has been updated to isolate unmanaged Windows devices within organizations' networks that have been impacted or are suspected to be affected by cyberattacks, BleepingComputer reports. Microsoft noted that Defender for Endpoint will prevent communications to and from devices that have been flagged as contained in an effort to curb lateral movement by threat actors. "This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device," added Microsoft. System administrators looking to determine whether their devices are compromised could check the Microsoft 365 Defender portal's 'Device Inventory' page, then select the 'Contain device' option and accept the 'Confirm' prompt, with communication blocking taking effect five minutes after device containment. Devices that have been isolated could be removed from containment by selecting an option within 'Device Inventory'. However, the device containment feature can only be used on devices running Windows 10 or Windows Server 2019 and later, according to Microsoft.
