MDE Device Isolation

This guide will show an administrator how to initiate a device isolation on a machine that is showing signs of compromise.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Defender for Endpoint Device Isolation

  1. Navigate to the Device Inventory – Microsoft Defender portal, locate and select the device you wish to initiate the isolation action on.
  2. A pop-out will generate displaying device information for the entry, locate and select the three dots, followed by selecting the Isolate Device action.
  3. A prompt will be generated asking for finalization on the isolation action, select Confirm to complete device isolation.

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.