Microsoft Defender for Endpoint Blocks Traffic from Undiscovered Devices, Enhances Network Security

April 14, 2025
  • Undiscovered endpoints present serious threats as they can evade monitoring and lack essential security controls, making them particularly vulnerable to cyberattacks.

  • By blocking malicious IP addresses linked to these undiscovered devices, Defender for Endpoint aims to thwart potential data breaches.

  • Administrators have the flexibility to undo the containment of an IP address at any time through the Action Center, allowing for easy management of network security.

  • Users can restore connections and prevent the containment of IP addresses via the 'Contain IP' menu in the Action Center, which includes an 'Undo' option.

  • Since June 2022, Defender for Endpoint has been capable of isolating hacked and unmanaged Windows devices to stop the spread of attacks within networks.

  • In October 2023, Microsoft expanded device isolation capabilities to include onboarded Linux devices, enhancing its security offerings alongside existing functionalities for macOS.

  • Defender for Endpoint also isolates compromised user accounts to inhibit lateral movement during ransomware attacks, further bolstering network security.

  • Microsoft is enhancing Defender for Endpoint with a new capability that blocks traffic to and from undiscovered endpoints, significantly reducing security risks.

  • This feature automatically contains the IP addresses of devices not yet onboarded to Defender for Endpoint, preventing threat actors from accessing other non-compromised devices.

  • Granular containment is achieved by selectively blocking specific ports and communication directions, rather than isolating the entire device.

  • This targeted containment process ensures critical assets are protected while allowing for more precise control over network traffic.

  • The new feature will be compatible with Defender for Endpoint-onboarded devices running Windows 10, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 or later.

Summary based on 2 sources

