Microsoft Defender for Endpoint Adds Device Isolation Support for Linux Machines


Microsoft Defender for Endpoint has introduced device isolation support in public preview on onboarded Linux machines. The security feature enables IT admins to isolate Linux machines manually via the Microsoft 365 Defender portal or API requests.

According to Microsoft, the threat actors will no longer be able to remotely connect with the isolated Linux devices. This action should help to block hackers from getting unauthorized access and stealing sensitive data from compromised Linux systems.

“Some attack scenarios may require you to isolate a device from the network. This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, while continuing to monitor the device,” Microsoft explained.

Microsoft Defender for Endpoint Device Isolation Support for Linux Machines

Microsoft notes that administrators can isolate a Linux device manually by heading to the Microsoft 365 Defender portal. Then, navigate to the device page of the Linux device and click “Isolate Device.” Alternatively, IT Pros can use the APIs to isolate a Linux device from accessing the external network.

Microsoft Defender for Endpoint offers device isolation for all Linux-supported distros

Once the device is isolated, IT Pros can mitigate the threat and click the “Release from isolation” button to reconnect the device to the network. Microsoft has also detailed steps to revert the isolation of the Linux device through the “unisolate” HTTP API request.

Microsoft Defender for Endpoint currently provides device isolation support for all Linux-supported distributions. We invite you to check out the full list on this support page.

In related news, Microsoft announced several updates for Microsoft Defender for Endpoint in November 2022. The service added a new Zeek integration to reduce the time required to detect sophisticated network-based threats. The company also released a new update to protect removable storage devices on Windows devices.