In this episode of Defender Tactical, I walk you through how to isolate a compromised device in Microsoft Defender for Endpoint—right in the middle of an investigation.
When threats strike, every second counts. Isolating a device can help you:
đź”’ Stop lateral movement in its tracks
⏳ Buy time to investigate safely
🛠️ Prevent the spread of malware to other endpoints
In this quick tutorial, you’ll learn:
âś… How to isolate a device from the Microsoft 365 Defender portal
âś… What the end-user sees when isolation is triggered
âś… How to un-isolate once remediation is complete
✅ What to do if Defender can’t release a device from isolation (and how to fix it)
If you’re managing incidents and want to be confident in your containment tactics, this video is for you.
đź”— Subscribe for more Defender Tactical videos
đź‘Ť Like the video if it helped
đź’¬ Drop a comment if you have questions or use this in your own investigations!