Isolate Machine

Isolates a device from accessing the external network.

The following permission is required to run this action:

  • Machine.Isolate
External Documentation

Parameters

Parameter: Description

Comment: Comment to associate with the action.

Isolation Type: Type of the isolation. Allowed values:
  • Full - Full isolation.
  • Selective - Restrict only a limited set of applications from accessing the network.
  Note: Isolating devices from the network is not currently supported for devices running macOS. For macOS, use live response to run the action. See Isolate devices from the network for more details.

Machine ID: The ID of the machine. Can be obtained using the List Machines action.

Example Output

{
  "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
  "type": "Isolate",
  "scope": "Selective",
  "requestor": "Analyst@TestPrd.onmicrosoft.com",
  "requestorComment": "test for docs",
  "status": "Succeeded",
  "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
  "computerDnsName": "desktop-test",
  "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
  "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
  "relatedFileInfo": null
}
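
A response playbook should confirm that the isolation actually completed on the intended machine before moving on to later steps. The following Python check over the output shown above is an added example, not part of the original page or the product's own code; `verify_isolation` and `parse_utc` are hypothetical helper names, and it assumes that `scope` echoes the requested Isolation Type.

```python
import json
from datetime import datetime, timezone

# Allowed values from the parameter table above.
ALLOWED_ISOLATION_TYPES = {"Full", "Selective"}

# The page's example output, embedded so the check runs offline.
EXAMPLE_OUTPUT = json.loads("""{
  "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
  "type": "Isolate", "scope": "Selective",
  "requestor": "Analyst@TestPrd.onmicrosoft.com",
  "requestorComment": "test for docs", "status": "Succeeded",
  "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
  "computerDnsName": "desktop-test",
  "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
  "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
  "relatedFileInfo": null
}""")

def parse_utc(ts):
    """Parse the output's UTC timestamps, which carry 7 fractional digits."""
    whole, _, frac = ts.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]  # strptime's %f accepts at most 6 digits
    parsed = datetime.strptime(f"{whole}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)

def verify_isolation(result, machine_id, isolation_type):
    """Hypothetical helper: return (confirmed, problems, elapsed_seconds)."""
    if isolation_type not in ALLOWED_ISOLATION_TYPES:
        raise ValueError(f"unsupported Isolation Type: {isolation_type!r}")
    problems = []
    # Assumption: "scope" echoes the requested Isolation Type.
    expected = {"type": "Isolate", "machineId": machine_id,
                "scope": isolation_type, "status": "Succeeded"}
    for field, want in expected.items():
        if result.get(field) != want:
            problems.append(f"{field}: expected {want!r}, got {result.get(field)!r}")
    elapsed = (parse_utc(result["lastUpdateDateTimeUtc"])
               - parse_utc(result["creationDateTimeUtc"])).total_seconds()
    return (not problems, problems, elapsed)

if __name__ == "__main__":
    # Constructed negative case: same record, but not yet completed.
    pending = dict(EXAMPLE_OUTPUT, status="Pending")
    for record in (EXAMPLE_OUTPUT, pending):
        print(verify_isolation(record, EXAMPLE_OUTPUT["machineId"], "Selective"))
```

Any status other than `Succeeded`, a different `machineId`, or a scope narrower than the one requested leaves the device unconfirmed as isolated, so the playbook should stop or escalate instead of continuing.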

Workflow Library Example

Isolate Machine with Microsoft Defender for Endpoints and Send Results Via Email
