Microsoft Defender for Endpoint Adds Device Isolation Support for Linux Machines


Microsoft Defender for Endpoint has introduced device isolation support in public preview on onboarded Linux machines. The security feature enables IT admins to isolate Linux machines manually via the Microsoft 365 Defender portal or API requests.

According to Microsoft, threat actors will no longer be able to connect remotely to an isolated Linux device. Cutting that connection is meant to stop an attacker from maintaining access to a compromised Linux system and exfiltrating sensitive data from it.

“Some attack scenarios may require you to isolate a device from the network. This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, while continuing to monitor the device,” Microsoft explained.

Microsoft Defender for Endpoint Device Isolation Support for Linux Machines

Microsoft notes that administrators can isolate a Linux device manually from the Microsoft 365 Defender portal: open the device page of the Linux device and click “Isolate Device.” Alternatively, IT Pros can use the Defender for Endpoint APIs to cut the Linux device off from the external network.

Microsoft Defender for Endpoint offers device isolation for all Linux-supported distros

Once the device is isolated, IT Pros can remediate the threat and then click the “Release from isolation” button to reconnect the device to the network. Microsoft has also documented how to revert the isolation of a Linux device through the “unisolate” HTTP API request.
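The API path described above (isolate, then release) is the one an incident responder would script for containment. The following is an added example, not Microsoft's own code or sample; it builds the documented `POST /api/machines/{id}/isolate` and `POST /api/machines/{id}/unisolate` requests against the Defender for Endpoint API host and interprets the returned machine-action record. The machine id, the bearer token and the `FakeOpener` offline transport are constructed placeholders, and the assumption that Linux devices take the `Full` isolation type should be checked against the current documentation before use.

```python
"""Isolate and release a Defender for Endpoint device via the machine-action API.

Added example for the article above; not Microsoft sample code. Requires an
Azure AD access token carrying the Machine.Isolate permission (obtained out of
band, e.g. via a client-credentials flow) and the device's Defender machine id.
"""
import io
import json
import urllib.request

# Documented Defender for Endpoint API host (see Microsoft's API reference).
API_BASE = "https://api.securitycenter.microsoft.com/api"

# Machine-action status values a responder should treat as finished.
TERMINAL_STATUSES = {"Succeeded", "Failed", "Cancelled", "TimeOut"}


def _post(url, token, body):
    """Build an authenticated JSON POST request for the API."""
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def isolate_request(machine_id, token, comment, isolation_type="Full"):
    """Request network isolation for a device.

    The comment is recorded in the action history, so put the incident ticket
    there. Assumption for this example: Linux devices use 'Full' isolation.
    """
    if isolation_type not in ("Full", "Selective"):
        raise ValueError("isolation_type must be 'Full' or 'Selective'")
    body = {"Comment": comment, "IsolationType": isolation_type}
    return _post(f"{API_BASE}/machines/{machine_id}/isolate", token, body)


def unisolate_request(machine_id, token, comment):
    """Request release from isolation once remediation is complete."""
    return _post(f"{API_BASE}/machines/{machine_id}/unisolate", token, {"Comment": comment})


def action_status_request(action_id, token):
    """Build a GET for the machine action so the caller can poll its status."""
    return urllib.request.Request(
        f"{API_BASE}/machineactions/{action_id}",
        method="GET",
        headers={"Authorization": f"Bearer {token}"},
    )


def send(request, opener=None):
    """Send a request and decode the JSON machine-action record it returns.

    An opener can be injected so the flow can be exercised without network access.
    """
    opener = opener or urllib.request.build_opener()
    with opener.open(request) as resp:
        return json.loads(resp.read().decode("utf-8"))


def is_terminal(action):
    """True when the machine action has stopped changing (succeeded or not)."""
    return action.get("status") in TERMINAL_STATUSES


class FakeOpener:
    """Constructed offline stand-in for urllib's opener; returns a canned record."""

    def __init__(self, payload):
        self.payload = payload

    def open(self, request):
        # Real responses are JSON machine-action entities; mimic that shape.
        return io.BytesIO(json.dumps(self.payload).encode("utf-8"))


if __name__ == "__main__":
    # Placeholder values; replace with a real token and machine id in use.
    token, machine_id = "PLACEHOLDER_TOKEN", "PLACEHOLDER_MACHINE_ID"
    canned = FakeOpener({"id": "act-0001", "type": "Isolate", "status": "Pending"})
    action = send(isolate_request(machine_id, token, "IR-1234: contain host"), opener=canned)
    print("isolation action", action["id"], "status:", action["status"],
          "(terminal)" if is_terminal(action) else "(still running; poll machineactions)")
```

In production the responder would replace `FakeOpener` with the default opener, poll `action_status_request` until `is_terminal` is true, and only then start remediation; the release path is the same call shape with `unisolate_request`.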

Microsoft Defender for Endpoint currently provides device isolation support for all supported Linux distributions. We invite you to check out the full list on this support page.

In related news, Microsoft announced several updates for Microsoft Defender for Endpoint in November 2022. The service added a new Zeek integration to reduce the time required to detect sophisticated network-based threats. The company also released a new update to protect removable storage devices on Windows devices.