Isolate/Unisolate in Microsoft Defender ATP
  • 23 May 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

Isolate/Unisolate in Microsoft Defender ATP

  • Dark
    Light
  • PDF

Isolate in Microsoft Defender ATP quarantines each of the query results entities (endpoints) from the network that are the result of the saved query supplied as a trigger (or devices selected in the asset table).

Unisolate in Microsoft Defender ATP restores full network connectivity to each of the query results entities (endpoints).

NOTE
To use the actions below, you must successfully configure a Microsoft Defender for Endpoint adapter connection.

Isolate in Microsoft Defender ATP

To configure Isolate in Microsoft Defender ATP, from the Action Library, click Execute Endpoint Security Agent Action, and then click Isolate in Microsoft Defender ATP.

Action Settings

  1. Comment - Enter a comment that will be displayed.
  2. Isolation Type - Select an isolation type, either 'Full' or 'Selective'.

Unisolate in Microsoft Defender ATP

To configure Unisolate in Microsoft Defender ATP, from the Action Library, click Execute Endpoint Security Agent Action, and then click Unisolate in Microsoft Defender ATP.

Action Settings

  1. Comment - Enter a comment that will be displayed.
  2. Isolation Type - Select an isolation type, either 'Full' or 'Selective'.

To learn more about configuring Enforcement Sets, see Configuring Enforcement Sets.


First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.