Can a user use regular Group settings or other Defender attributes to isolate a specific Endpoint?
Red Canary Automate
Microsoft Defender for Endpoint
- Full isolation is available for devices on:
  - Windows 10, version 1703, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2022.
  - macOS 101.98.84
  - Linux 101.43.84
- Selective isolation is available for devices on Windows 10, version 1709 or later.
- When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
This feature is not currently available for macOS and Linux; the product team has created a feature request for it to be added in a later release. (As of 02/07/2024 this is no longer the case.)