
Microsoft Defender for Endpoint now contains unmanaged and compromised Windows 10 devices

According to the latest report, Microsoft Defender will now block all incoming and outgoing communications from infected and unmanaged Windows devices. Microsoft Defender for Endpoint (MDE) has gained a new feature that attempts to slow down and potentially prevent attackers from using infected unmanaged devices to run amok across the network.


Administrators who manage Windows devices protected by Microsoft Defender for Endpoint will now be able to “contain” specific computers. This new feature enables network administrators to restrict the movement of data, information, and commands from potentially hacked devices. Interestingly, admins can even restrict the flow of information from devices not protected by MDE:

“Starting today, when a device that is not enrolled in Microsoft Defender for Endpoint is suspected of being compromised, as a SOC analyst, you will be able to contain it. As a result, any device enrolled in Microsoft Defender for Endpoint will now block any incoming/outgoing communication from suspicious devices.”

It’s no secret that hackers attack weak and unmanaged devices. Once such a device is compromised, hackers have more freedom to roam the network. Microsoft claims that 71% of ransomware attacks start by compromising unmanaged devices.

Windows devices that are part of an MDE environment can be easily isolated to prevent hackers from infiltrating other devices in the network. However, quickly isolating devices that are not MDE-protected is often difficult. Delays can be costly, as hackers may have already compromised other devices.

The new feature instructs every MDE-protected device to restrict incoming and outgoing communication with a suspected compromised device. It’s unclear whether Microsoft Defender for Endpoint can independently flag a device as suspicious and instruct other MDE-registered devices to block traffic. Currently, administrators must contain infected devices themselves.

Moreover, the new feature is only supported on Windows 10 and Windows Server 2019+ devices running Microsoft Defender for Endpoint.
