Microsoft Defender upgrade could solve one of the biggest BYOD security threats
Compromised devices can be isolated from the network
Microsoft has just introduced a new security feature that’s bound to make life a lot easier for IT pros handling a remote workforce. The Redmond software giant has now enabled Microsoft Defender for Endpoint (MDE) to “contain” unmanaged and compromised Windows devices on the network.
In other words, if a Windows device on the network gets deemed unsafe, or compromised, for whatever reason, other devices on the network will avoid it like the plague - no communication comes in, or goes out of the device.
That way, in case a threat actor managed to weasel their way into a network, they’ll be stopped in their tracks before they can do any serious damage. Mapping out the target network, identifying key endpoints, and exfiltrating sensitive data from all the devices are key steps in ransomware attacks, for example.
Targeting unmanaged endpoints
IT security pros, on the other hand, will have an isolated, compromised device, to play around with.
“This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device,” Microsoft said.
There’s a caveat, though. This only works on onboarded Windows 10 (and later) devices, or Windows Server 2019 (and later).
“Only devices running on Windows 10 and above will perform the Contain action meaning that only devices running Windows 10 and above that are enrolled in Microsoft Defender for Endpoint will block ‘contained’ devices at this time,” Microsoft says.
In other words, a compromised unmanaged device can still affect other unmanaged devices.
The new feature can be found on the “Device inventory” page in the Microsoft 365 Defender portal. There, the admin can choose which devices to contain, by selecting the “Contain device” option from the actions menu.
It may take up to five minutes for the changes to take effect, it was said.
Should a contained device change its IP address, other managed devices will be able to recognize the change and block all communications coming from the new IP address, as well.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.