microsoft defender is one of the most widely used security solutions today. It is available both for home users and also in a more professional business version. Now they have launched an interesting novelty, and that is that it will allow isolate Windows devices that have been hacked and are not managed, so they will prevent a hacker from moving through the network.
Microsoft Defender isolates attacked computers
A major problem is when a cybercriminal manages to exploit a vulnerability on a device that is connected to the network and through that gateway it manages to access other computers. That will expose the privacy and security of those who are within that network. To prevent that from happening, Microsoft Defender now, in the Endpoint version, is going to isolate those devices.
How exactly does it work? This function will allow administrators contain unmanaged Windows devices in your network once they have been attacked or if they suspect that they are compromised and may pose a problem for the security of the entire network. What Microsoft Defender does in that case is block access to the network of those computers. All communications to and from those devices will be blocked.
This will end one of the most important security problems, which occurs when there is a vulnerable device in a company, for example, and hackers access the rest through that device. This can happen if there is an outdated computer, without correcting the vulnerabilities.
has limitations
However, it should be noted that it has an important limitation. This Microsoft Defender feature of blocking hacked devices on a network is only available for computers running Windows 10, Windows 11, or Windows Server 2019 and higher.
What does this mean? It is common for computer attacks to focus primarily on old systems, which are outdated and may have vulnerabilities. If a company has a computer with Windows 7, for example, in the event that it is affected by a cyber attack, it will not be isolated as a computer with Windows 10 or Windows 11 would be.
However, it is a first step to be able to isolate windows computers that may have been attacked by a cybercriminal. To do this, network administrators will need to go to the device inventory page within Microsoft 365 Defender and select the device they want to isolate. If at any given time it is necessary for it to be available again, you simply have to follow the steps again and enable it.
In short, as you can see Microsoft Defender has launched a new and interesting feature. Network administrators will be able to isolate devices that have been hacked or are suspected of posing a security risk to other computers connected to the network and action must be taken.
Likewise, it is always advisable to take precautionary measures. A clear example is maintaining security when working in the cloud. This will prevent other devices from being compromised by a cyber attack.
