Microsoft Defender will isolate undiscovered endpoints to block attacks

Summary: Microsoft is implementing a new feature in Defender for Endpoint that will block traffic to and from undiscovered endpoints, preventing lateral movement of attackers within networks. This is achieved through the automatic containment of IP addresses associated with devices not yet onboarded to the Defender system. The feature aims to enhance security by protecting unmonitored devices from being compromised during attacks.

Affected: Microsoft Defender for Endpoint

Key points:

  • New capability automatically contains IP addresses of undiscovered or not onboarded devices.
  • Prevents attackers from spreading by blocking communication with contained IP addresses.
  • Feature supports devices running Windows 10, Windows Server 2012 R2, 2016, and 2019+.
  • Admins can reverse IP containment via the “Action Center”.
  • Also supports isolation of compromised user accounts and devices in hands-on-keyboard attacks.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-will-isolate-undiscovered-endpoints-to-block-attacks/
