Can a user use regular Group settings or other Defender attributes to isolate a specific Endpoint?
Red Canary Automate
Microsoft Defender for Endpoint
- This action is not currently supported for macOS and Linux. Use live response to run the action. For more information on live response, see Investigate entities on devices using live response
- Full isolation is available for devices on Windows 10, version 1703, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2022.
Selective isolation is available for devices on Windows 10, version 1709 or later.
- When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
Feature is not currently available for macOS and Linux, the product team has created a feature request to be added in a later release.