Configure Isolate Host capability in Microsoft Defender for Endpoint
Release version: Australia
Updated: March 12, 2026
Time required: 2 minutes
Isolate a host from the network through Microsoft Defender for Endpoint based on the severity of the attack. Isolating the host from the network helps you prevent further malicious activity on that host and potential attacks on other hosts.
Before you begin
Role required: sn_si.admin or sn_si.analyst
Table 1. Requirements for Isolate Host capability

| Capability | Required | Description |
|---|---|---|
| Isolate Host | Isolation Type | (Required) Type of the Isolation (Full or Selective). |
| | Comment | (Required) Comment to associate with the action. |

Procedure
1. Navigate to Security Incidents > Show All Incidents.
2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
3. In the Related Links section, click Run EDR Profile(s).
4. From the list of available profiles, browse to and select a profile that has the Isolate Host capability selected, and click Submit.

Figure 1. Isolate Host

Alternatively, you can perform the following steps:
   a. In the related lists section, click Show All Related Lists.
   b. Click the Configuration Item related list.
   c. Select Isolate Host and select the corresponding capabilities.

5. Validate the automation activity and activities section, and make sure that the data is as expected.
6. View the data, and validate the isolate host details on the related lists.