Microsoft Defender adds automatic endpoint isolation
🛡️ Microsoft is previewing a Defender for Endpoint capability that automatically isolates compromised endpoints as part of automatic attack disruption. Isolated devices are disconnected from the network to limit lateral movement and data exfiltration but remain connected to the Microsoft Defender for Endpoint service for ongoing monitoring. The feature applies to onboarded end-user workstations and can be released by security operators after investigation and remediation.
