Forum Discussion

XPaulo's avatar
XPaulo
Copper Contributor
Dec 17, 2020
Solved

Microsoft Defender for Endpoint for Server isolation capability

Hello, I've been struggling to find this information and decided to post this here. Microsoft Defender for Endpoint (formerly MDATP) has the capability to isolate registered devices via a click in...
  • XPaulo's avatar
    XPaulo
    Dec 17, 2020

    shoando Thanks for your input. OK, so 2016 needs the agent but for 2019 would it work, since AFAIU, it is native in the OS. Am I correct?

XPaulo's avatar
XPaulo
Copper Contributor
Jan 16, 2021

shoando So after some tests, you're right

I'm able to isolate 2019 Servers just as Windows 10. There is no need to install an agent

For Windows 2016, you need the MAM agent to get the events in your tenant.

Even though the GUI gives you the possibility to isolate a device or run an AV scan, it does not do anything. You see the actions pending in the action center and can't even undo them (as such they remain greyed out after you clicked on them for that specific server)

 

daviddevosstars's avatar
daviddevosstars
MCT
Apr 13, 2021

XPauloI provided the same feedback already. The interface shows "start automated investigation" for all the supported operating systems, while it only works for the latest W10/W2019 releases. They should remove that action for unsupported devices to avoid confusion.

The next thing you see is that a suspicious investigation was noticed in the alert list ... 🙂