Not a user yet?
Log in Register for free Suggest a product
Update

(Preview) Automatic attack disruption can now isolate compromised devices from the network

Defender XDRDefender XDR
Microsoft

May 2026

  • (Preview) Automatic attack disruption can now isolate compromised devices from the network when high-confidence incident analysis indicates the device is being used as an active foothold. Isolation blocks attacker communication and lateral movement while keeping the device connected to security services. The action is time-limited, scoped to devices involved in the incident, and can be released by security operators at any time. Learn more
  • In advanced hunting, the Take action wizard now lets customers allow or block top-level domains and files attachment hashes in emails based on query results. Learn more.
  • The hunting graph in advanced hunting now includes new identity-focused predefined scenarios. These scenarios help you discover attack paths, privilege escalation routes, and credential access risks across on-premises and cloud environments, including Kerberoast and AS-REP roast paths, domain compromise routes, OAuth application risks, and external user access to cloud resources.
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Banner Logitech