Microsoft Defender for Endpoint Can Now Block Bad Unmanaged Devices -- Redmondmag.com

Microsoft Defender for Endpoint Can Now Block Bad Unmanaged Devices

By Kurt Mackie
06/09/2022

Microsoft Defender for Endpoint users now have a new "Contain" feature for compromised devices, Microsoft announced on Thursday.

The Contain option in Microsoft Defender for Endpoint will block a device's communications with other devices. The blocking will happen even should the IP address of the compromised device be changed.

One noteworthy aspect of the Contain feature is that it'll work on devices "not enrolled in Microsoft Defender for Endpoint."

These nonenrolled devices might be Internet of Things-types of devices where an organization's network access controls are lacking. IT pros may have trouble locating such devices. Addressing the problem might be a hands-on ordeal, the announcement suggested.

The Contain feature is similar to a device Isolation feature in Microsoft Defender for Endpoint, but it doesn't require device enrollment to work. Once a device is contained, it takes about five minutes for the blocked communications to take effect for other devices, Microsoft noted in this document.

The role-based access control permissions needed by IT pros to use the Contain feature are "similar to device isolation," Microsoft indicated. Those exact permissions weren't spelled out, though.

Exactly how the new Contain feature works wasn't explained. It has a few safeguards. If the compromised device is a network device, such as a router, Microsoft Defender for Endpoint will display a warning message that containing it "may cause network connectivity issues." Also, trying to contain a device that shares IP connections with other devices will pop up a warning message.

The Contain feature in Microsoft Defender for Endpoint is currently limited to the Windows platform. It just works with devices running Windows 10 (or newer) or Windows Server 2019 (or newer) operating systems.

However, the announcement promised that "additional platform support" for the Contain feature would be coming.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.