
Microsoft Defender Enhances Security with Auto-Isolation Feature for Compromised Accounts

Microsoft's new security update counters rising ransomware attacks by preventing hackers from exploiting enterprise IT systems and using stolen accounts.


Microsoft has strengthened its security measures by automatically isolating compromised user accounts. The change is meant to stop attackers from moving around inside an enterprise's IT infrastructure, and it was prompted by the rising number of ransomware attacks in which malicious actors infiltrate networks, escalate privileges via stolen accounts, and deploy harmful payloads.

Defender for Endpoint to Outmaneuver Attackers

The upgraded security feature has been incorporated into Microsoft Defender for Endpoint in public preview. Rob Lefferts, Corporate Vice President for Microsoft 365 Security, stated, “This on-by-default capability will identify if the compromised user has any associated activity with any other endpoint and immediately cut off all inbound and outbound communication, essentially containing them.”

With Microsoft Defender for Endpoint, attackers are restricted from infiltrating further into victims' on-premises or cloud IT architecture. The isolation is achieved by briefly containing accounts suspected of being compromised. The attack disruption feature contains those accounts across all devices and prevents malicious activities like lateral movement using compromised accounts, credential theft, and data exfiltration.

Attacks and Isolations: Microsoft's Response

Additional support is provided by an automated attack disruption feature, which counters the preliminary stages of a human-operated attack detected on an endpoint. At the same time, the tool extends protection to all devices in the organization by blocking incoming malicious traffic.

Microsoft's initiative to introduce automatic attack disruption to its Microsoft 365 Defender XDR (Extended Detection and Response) solution has shown commendable progress. According to Microsoft's internal data, since its inception in August 2023, over 6,500 devices have been saved from ransomware campaigns run by hacker groups such as BlackByte and Akira.

Furthermore, since June 2022, Defender for Endpoint has been able to isolate hacked and unmanaged Windows devices, restricting the lateral movement of malicious actors by blocking all communication to and from the compromised devices. These steps help security operations analysts efficiently identify, locate, and mitigate the threats posed to compromised identities.

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.