This guide will show an administrator how to initiate a device isolation on a MDE enrolled machine that is showing signs of compromise.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender for Endpoint Device Isolation
- Navigate to the Device Inventory – Microsoft Defender portal, select the device in question.
- Select the three dots, locate the Isolate Device option.
- A prompt will be generated asking for finalization on the isolation action, select Confirm to complete device isolation.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.