Event details
The next evolution of automatic attack disruption
Our season finale is going in-depth on an innovative, industry-first capability that marks a significant step forward for defenders gaining gro...
Trevor_Rusher
Updated Dec 27, 2024
HeikeRitter
Microsoft
Oct 12, 2023
Hi all, welcome! Please feel free to ask your questions here 🙂
sassdawe
Oct 12, 2023
MCT
How is this new capability coming into play in a cloud-only environment where there is no Active Directory, no servers, nothing, but only Entra ID joined devices?
- HeikeRitter Oct 12, 2023
Microsoft
Hi David! This capability is not dependent on Active Directory, and it will also still provide protection for Entra ID joined devices onboarded to Microsoft Defender for Endpoint. "Contain user" also knows how to contain compromised Entra ID user accounts that are attempting to move laterally in the network, including, but not limited to, stopping and terminating Remote Desktop sessions.