Microsoft Defender: Enhanced Auto-Isolation and Autonomous Protection

Source: BleepingComputer
TL;DR Summary

Microsoft Defender for Endpoint has introduced an automatic attack disruption feature that isolates compromised user accounts to prevent lateral movement in hands-on-keyboard attacks. The capability temporarily contains suspicious identities so that attackers cannot use them to escalate privileges, move laterally, steal credentials, exfiltrate data, or carry out remote encryption. When an initial stage of a human-operated attack is detected, the feature blocks the attack on the affected device and inoculates other devices in the organization by blocking incoming malicious traffic. Since its introduction, over 6,500 devices have been protected from ransomware campaigns. Defender for Endpoint can also isolate hacked and unmanaged Windows devices, preventing lateral movement within networks.
