Microsoft 365 Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Microsoft Knowledge Hub
      3. Microsoft 365 Defender

      Defender for Endpoint Device Isolation Work Instruction

      This work instruction will allow an administrator to initiate a device isolation on a machine that is showing signs of compromise.

      This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

      Procedure Scope: Administrators

      Required Group Membership: Admin.SecurityIncident

      1. Navigate to the Device Inventory – O365 Defender, select the device in question.
      2. Select the three dots, locate the Isolate Device option.
      3. A prompt will be generated asking for finalization on the isolation action, select Confirm to complete device isolation.

      You're Finished!

      You should have successfully isolated the specified device and can now commence the remediation process. For any other problems or questions, reach out to us!