Microsoft Defender ATP - Isolate/Unisolate Assets
- Updated on 27 Jan 2025
Microsoft Defender ATP - Isolate Assets quarantines assets returned by the selected query or assets selected on the relevant asset page.
Microsoft Defender ATP - Unisolate Assets restores full network connectivity to assets returned by the selected query or assets selected on the relevant asset page.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
- Not all asset types are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
Required Fields
These fields must be configured to run the Enforcement Set.
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the Defender ATP adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.
  - When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.
- Comment - Enter a comment that will be displayed.
- Isolation Type - Select an isolation type, either 'Full' or 'Selective'.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Required Permissions
The Microsoft Entra ID (Azure AD) application configured in the Defender ATP adapter must have the following Application permission:
- Machine.Isolate
See Microsoft Defender ATP documentation for more information.
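A pre-flight check for the permission listed above, as an added example (not Axonius or Microsoft code): it decodes an app-only access token issued to the adapter's application and reports whether Machine.Isolate is granted. It assumes the Entra ID convention that Application permissions appear in the token's `roles` claim and delegated permissions in `scp`; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

REQUIRED_ROLES = {"Machine.Isolate"}  # Application permission named on this page


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))


def check_isolate_permission(token: str, required=REQUIRED_ROLES) -> dict:
    """Report whether an app-only token carries the required Application permissions."""
    claims = token_claims(token)
    roles = set(claims.get("roles", []))
    # Delegated permissions live in 'scp' (space-separated) and do not satisfy
    # a requirement that is stated as an Application permission.
    delegated = set(claims.get("scp", "").split())
    missing = set(required) - roles
    return {
        "ok": not missing,
        "missing": sorted(missing),
        "delegated_only": sorted(missing & delegated),
    }


def make_sample_token(payload: dict) -> str:
    # Constructed, unsigned sample token for the demo (not a real credential).
    def enc(obj: dict) -> str:
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    samples = {
        "granted": {"roles": ["Machine.Read.All", "Machine.Isolate"]},
        "read_only": {"roles": ["Machine.Read.All"]},
        "delegated": {"scp": "Machine.Isolate Machine.Read"},
    }
    for name, payload in samples.items():
        print(name, check_isolate_permission(make_sample_token(payload)))
```

A result with `delegated_only` populated means the permission was granted as a delegated scope rather than as an Application permission, so the Enforcement Action would still lack the access described above.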
For more details about other Enforcement Actions available, see Action Library.