Forum Discussion

XPaulo's avatar
XPaulo
Copper Contributor
Dec 17, 2020
Solved

Microsoft Defender for Endpoint for Server isolation capability

Hello,

I've been struggling to find this information and decided to post this here.

Microsoft Defender for Endpoint (formerly MDATP) has the capability to isolate registered devices via a click in the MDATP portal.

Microsoft Defender for Endpoint is now also available for servers under the name Microsoft Defender for Endpoint for Server.

When deployed to a server do I also have the capability to isolate that endpoint (which is a Windows 2016 or Windows 2019 server) in the same way?

Does anybody know?
Thanks

P.

  • XPaulo's avatar
    XPaulo
    Dec 18, 2020

    shoando Thanks for your input. OK, so 2016 needs the agent but for 2019 would it work, since AFAIU, it is native in the OS. Am I correct?

7 Replies

Sort By
  • shoando's avatar
    shoando
    Copper Contributor
    Dec 18, 2020

    For operating systems that use the Microsoft Monitoring Agent, isolation is not available.XPaulo 

    • XPaulo's avatar
      XPaulo
      Copper Contributor
      Jan 17, 2021

      shoando So after some tests, you're right

      I'm able to isolate 2019 Servers just as Windows 10. There is no need to install an agent

      For Windows 2016, you need the MAM agent to get the events in your tenant.

      Even though the GUI gives you the possibility to isolate a device or run an AV scan, it does not do anything. You see the actions pending in the action center and can't even undo them (as such they remain greyed out after you clicked on them for that specific server)

       

      • daviddevosstars's avatar
        daviddevosstars
        Iron Contributor
        Apr 13, 2021

        XPauloI provided the same feedback already. The interface shows "start automated investigation" for all the supported operating systems, while it only works for the latest W10/W2019 releases. They should remove that action for unsupported devices to avoid confusion.

        The next thing you see is that a suspicious investigation was noticed in the alert list ... 🙂

    • XPaulo's avatar
      XPaulo
      Copper Contributor
      Dec 18, 2020

      shoando Thanks for your input. OK, so 2016 needs the agent but for 2019 would it work, since AFAIU, it is native in the OS. Am I correct?

Resources