Defender for Endpoint Device Isolation Work Instruction

This work instruction lets an administrator isolate a device that is showing signs of compromise.

This article is intended for employees of organizations that use Sittadel's security. Some actions can only be performed by those with administrative privileges.

Procedure Scope: Administrators

Required Group Membership: Admin.SecurityIncident

  1. Navigate to the Device Inventory – O365 Defender and select the device in question.
  2. Select the three dots, then locate the Isolate Device option.
  3. A prompt will ask you to confirm the isolation action. Select Confirm to complete device isolation.

You're Finished!

You should have successfully isolated the specified device and can now commence the remediation process. For any other problems or questions, reach out to us!
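
The same isolation can also be requested through the Defender for Endpoint machine actions API, which reports whether the action actually succeeded. The following is an added example, not part of Sittadel's work instruction; it assumes a bearer token with the Machine.Isolate permission is already available, and the function and parameter names are hypothetical.

```powershell
# Added example: isolate a device via the Defender for Endpoint API and confirm the result.
# Assumptions: $Token is a bearer token with the Machine.Isolate permission,
# $MachineId is the Defender device ID, and all function/parameter names are hypothetical.
function Invoke-DeviceIsolation {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$MachineId,
        [Parameter(Mandatory)][string]$Comment,
        [ValidateSet('Full', 'Selective')][string]$IsolationType = 'Full',
        [int]$TimeoutSeconds = 600,
        [int]$PollSeconds = 15
    )
    $base    = 'https://api.securitycenter.microsoft.com/api'
    $headers = @{ Authorization = "Bearer $Token" }
    $body    = @{ Comment = $Comment; IsolationType = $IsolationType } | ConvertTo-Json

    # Mirror the portal's confirmation prompt before taking the device off the network.
    if (-not $PSCmdlet.ShouldProcess($MachineId, "Isolate device ($IsolationType)")) { return }

    # Submit the isolation request; the response is a machine action record.
    $action = Invoke-RestMethod -Method Post -Uri "$base/machines/$MachineId/isolate" `
        -Headers $headers -ContentType 'application/json' -Body $body

    # Poll the machine action until it reaches a terminal state or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while (($action.status -in @('Pending', 'InProgress')) -and ((Get-Date) -lt $deadline)) {
        Start-Sleep -Seconds $PollSeconds
        $action = Invoke-RestMethod -Method Get `
            -Uri "$base/machineactions/$($action.id)" -Headers $headers
    }

    # Anything other than Succeeded means the device may still be on the network.
    if ($action.status -ne 'Succeeded') {
        Write-Warning "Isolation not confirmed: status '$($action.status)' for action $($action.id)."
    }

    # Return the action record so it can be attached to the incident ticket.
    $action | Select-Object id, type, status, machineId, requestor, creationDateTimeUtc
}

# Usage (constructed placeholder values):
# Invoke-DeviceIsolation -Token $token -MachineId '<device-id>' -Comment 'Incident <ticket>: suspected compromise'
```

Do not begin remediation on the assumption of containment until the returned status is Succeeded; a Pending or Failed action means the device may still be reachable.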