Microsoft has introduced a new security feature that should make corporate Windows computers more secure. The software giant has allowed Microsoft Defender Antivirus to keep a list of unmanaged and compromised Windows devices on the network. Such accessories will be in virtual quarantine and will not be able to communicate with other computers on the network.
Thus, if an attacker or virus manages to penetrate the network, it will not be able to expand its influence and cause serious damage.
“This action can help prevent nearby devices from being compromised while the Security Operations Analyst finds, identifies, and remediates the threat on the broken device,” Microsoft said.
There are limits to how the function works. It only works on Windows 10 (and newer versions) or Windows Server 2019 (and newer) embedded devices, says TechToday.
The new feature can be found on the Device Inventory page in the Microsoft 365 Defender Portal. There, the administrator can choose which devices to contain by selecting the “Combine device” option from the action menu.
NIX Solutions notes that the changes will take effect within five minutes.
If an infected device tries to change its IP address to leave quarantine, other managed devices will be able to recognize the change and block all communications coming from the new IP address.