Forum Discussion
HansDoerr
Microsoft
Jul 10, 2024
What URLs are allowed when a device is in isolation?
I have a customer who's asking what URLs are allowed when a device has been set to "Isolated". I know there's full isolation (where the only thing allowed is the Defender ATP service) and selective isolation (for Windows devices which allows Outlook, Teams and Skype for Business).
Per "Take response actions on a device in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint", when isolating a device, "only certain processes and destinations are allowed."
So:
#1-is there a more detailed list of what's allowed?
#2-is it configurable?
Thanks!
- cyb3rmik3 Iron Contributor
Unfortunately, outside of Outlook, Teams and Skype for Business, nothing else is allowed as a network connection, including any custom rules.
Relevant documentation: https://learn.microsoft.com/defender-endpoint/respond-machine-alerts#isolate-devices-from-the-network?wt.mc_id=MVP_376769
If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like
- cyber-joe Copper Contributor
Did you get an answer to the #2 part of your question? My organization has a management tool we would like to continue using even when a host is isolated.
- rahuljindal-MVP Bronze Contributor
I am not sure if there is a definitive list for what you are looking for, but I will say that msense and Defender cloud *wd* URLs will be required access at a minimum. The full list can be found at the link below, which requires unrestricted access in general: https://learn.microsoft.com/en-us/defender-endpoint/configure-network-connections-microsoft-defender-antivirus