Microsoft Defender will quarantine infected PCs
Microsoft has introduced a new security feature intended to make enterprise Windows computers more secure. Microsoft Defender can now maintain a list of unmanaged and compromised Windows devices on the network. Such devices are placed in virtual quarantine and cannot communicate with other computers on the network.
Thus, if an attacker or virus manages to penetrate the network, it will not be able to spread further and cause serious damage.
“This action can help prevent neighboring devices from being compromised while a security analyst finds, identifies, and fixes a threat on a broken device,” Microsoft said.
The feature has limitations. It only works on embedded devices running Windows 10 (and later) or Windows Server 2019 (and later).
The new feature can be found on the Device Inventory page in the Microsoft 365 Defender portal. There, the administrator can choose which devices to contain by selecting the “Contain Device” option in the action menu.
It is stated that the changes will take effect within five minutes.
If an infected device tries to change its IP address while in quarantine, other managed devices will be able to detect the change and block all communications coming from the new IP address.