Can Microsoft Defender For Endpoint Support Isolation?

Issue

Can a user use regular Group settings or other Defender attributes to isolate a specific Endpoint?

Environment

Red Canary Automate

Microsoft Defender for Endpoint

Resolution

• This action is not currently supported for macOS and Linux. Use Live Response to run the action. For more information on live response, see Investigate entities on devices using Live Response.
• Full isolation is available for devices on Windows 10, version 1703, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2022.
  Selective isolation is available for devices on Windows 10, version 1709 or later.
• When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.

Cause

Feature is not currently available for macOS and Linux, the product team has created a feature request to be added in a later release.