Configure Remove Host Isolation capability in Microsoft Defender for Endpoint

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • If needed, remove the isolation of a host that was previously isolated from the network in Microsoft Defender for Endpoint. You can prevent any other malicious activities or potential attacks on other hosts.

    Before you begin

    Table 1. Requirements for Remove Isolation capability
    Capability | Required Input | Description
    Remove Isolation | Comment (Required) | Comment to associate with the action.

    Role required: sn_si.admin or sn_si.analyst

    Procedure

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
    3. In the Related Links section, click Run EDR Profile(s).
    4. Browse and select a profile with Remove Isolation capability selected from the list of available profiles, and click Submit.
      Figure 1. Remove Isolation
      Remove Isolation capability in Microsoft Defender for Endpoint
      Alternatively, you can perform the following steps:
      1. Click Show All Related Lists in the related lists section.
      2. Click the Configuration Item related list.
      3. Select Remove Isolation and select the corresponding capabilities.
    5. Validate the automation activity and activities section.
    6. View the data, and validate the isolate host details on the related lists.
    7. Validate the automation activities of the execution.