Microsoft Defender segregates hacked and unmanaged Windows devices
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) for Microsoft device users.
It will prevent hackers and attackers from using compromised unmanaged devices to move laterally through the network.
Additionally, this new feature allows admins to contain unmanaged devices on their network if they are compromised or suspected of being compromised.
Once a device is tagged ‘contained’, the enterprise endpoint security platform will instruct Windows systems on the network to block all communications with it.
This will help stop malicious actors from using unmanaged devices to move laterally within organisations.
It will also prevent infections that can cause harm.
Later, Microsoft stated that, ‘Only devices running on Windows 10 and above will perform the Contain action.’
‘Which means, only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block ‘contained’ devices at this time,’ Microsoft mentioned.
How to contain a compromised Windows device?
The user needs to follow these steps to contain the compromised Windows device:
1) Open the Device inventory page in the Microsoft 365 Defender portal and choose the device to contain.
2) Click on Contain device from the action menu in the device flyout.
3) On the contain device popup, type a comment and confirm.
It can take up to 5 minutes for devices onboarded to Microsoft Defender for Endpoint to start blocking communication after you contain an unmanaged device.
Meanwhile, if any contained device on the network changes its IP address, all enrolled devices will recognise it and will begin blocking its communications with the new IP address.
From the device inventory, you can release any device from containment.