Skip to main content

Isolate or Unisolate device on Microsoft Defender for Endpoint - Workflow Template

Nested workflow to Isolate or Unisolate a device by its machineId or device name.

Updated yesterday

The "Isolate or Unisolate device on Microsoft Defender for Endpoint" workflow template is designed to streamline endpoint security management within an organization. Using either the `machineId` or `computerDnsName`, security teams can quickly isolate or reverse isolation on devices within their network to manage threats. It ensures the actions are successful, monitors endpoints, and compiles a history of previous isolations, enhancing the Endpoint Detection and Response (EDR) operations. Essential for maintaining secure and controlled network environments.

Take Me to the Template

Optional Triggers

["This workflows is intended to be used as a function."]

Use Cases

Endpoint Detection and Response (EDR) , Function

Workflow Breakdown

  1. Takes as an input machineId or computerDnsName values.

  2. Submits Isolate or Unisolate action to device by it's machineId.

  3. Workflow will wait an specified period of time to verify the action is successful applied by Endpoint.

  4. Collects a list of previous Isolate or Unisolate actions.

Vendors

Utils, Microsoft Defender for Endpoint

Workflow Output

Summary of status of the action.

Related Articles
Run Antivirus Scan on a device on Microsoft Defender for Endpoint - Workflow Template
Run LiveResponses on Microsoft Defender for Endpoint - Workflow Template
Initial Microsoft Defender for Endpoint Case Creation - Workflow Template
QuickAction - Isolate or Release a Device on MS Defender Endpoint - Workflow Template
QuickAction - Scan Device on MS Defender for Endpoint - Workflow Template
Did this answer your question?