Skip to main content
All CollectionsTemplatesBasic
Isolate or Unisolate device on Microsoft Defender for Endpoint - Workflow Template
Isolate or Unisolate device on Microsoft Defender for Endpoint - Workflow Template

Nested workflow to Isolate or Unisolate a device by its machineId or device name.

Updated over 10 months ago

This workflow template facilitates the isolation or reintegration of devices within a network, employing Microsoft Defender for Endpoint. It enables security teams to quickly isolate a device by using its machine ID or computer DNS name, prevent potential threats from spreading, and ensure the security of network assets. The workflow waits for a specified duration to confirm successful execution and records all related actions for thorough incident response and analysis. This workflow is essential for proactive Endpoint Detection and Response (EDR) measures, ensuring network integrity through immediate containment of suspect devices.

Take Me to the Template

Optional Triggers

"This workflows is intended to be used as a function."

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Takes as an input machineId or computerDnsName values.

  2. Submits Isolate or Unisolate action to device by it's machineId.

  3. Workflow will wait an specified period of time to verify the action is successful applied by Endpoint.

  4. Collects a list of previous Isolate or Unisolate actions.

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of status of the action.

Related Articles
Run Antivirus Scan on a device on Microsoft Defender for Endpoint - Workflow Template
Fetch File Information by Hash from Microsoft Defender - Workflow Template
Request File Download From CrowdStrike Using Real Time Response - Workflow Template
Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template
Microsoft Defender for Endpoint
Did this answer your question?