Isolate Machine
Isolates a device from accessing the external network.
The following permission is required to run this action:
Machine.Isolate
External Documentation
To learn more, visit the Microsoft Defender For Endpoints documentation.
Parameters
Parameter | Description |
---|---|
Comment | Comment to associate with the action. |
Isolation Type | Type of isolation. Allowed values: Full (full isolation) or Selective (restricts only a limited set of applications from accessing the network). Note: Isolating devices from the network is not currently supported for devices running macOS. For macOS, use live response to run the action. See Isolate devices from the network for more details. |
Machine ID | The ID of the machine. Can be obtained using the List Machines action. |
Example Output
{
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
"type": "Isolate",
"scope": "Selective",
"requestor": "Analyst@TestPrd.onmicrosoft.com",
"requestorComment": "test for docs",
"status": "Succeeded",
"machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
"computerDnsName": "desktop-test",
"creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
"lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
"relatedFileInfo": null
}
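An added example (not part of the original page or the product's own code): a Python check a playbook step could run on this action's output before treating the device as contained. It assumes the output arrives as the JSON shown under Example Output and treats any status other than Succeeded as unconfirmed; the names verify_isolation and parse_utc are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

ALLOWED_ISOLATION_TYPES = {"Full", "Selective"}  # values from the Parameters table

# Sample input: the record from "Example Output" on this page, fields unchanged.
SAMPLE_OUTPUT = """{
  "id": "5382f7ea-7557-4ab7-9782-d50480024a4e", "type": "Isolate",
  "scope": "Selective", "requestor": "Analyst@TestPrd.onmicrosoft.com",
  "requestorComment": "test for docs", "status": "Succeeded",
  "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
  "computerDnsName": "desktop-test",
  "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
  "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
  "relatedFileInfo": null
}"""


def parse_utc(ts):
    """Parse the record's UTC timestamps, which carry a 7-digit fraction."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", ts)
    if not m:
        raise ValueError(f"unexpected timestamp: {ts!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))  # datetime holds 6 digits
    return base.replace(microsecond=micros, tzinfo=timezone.utc)


def verify_isolation(output, machine_id, isolation_type):
    """Compare an action record with the request: (ok, problems, elapsed_seconds)."""
    if isolation_type not in ALLOWED_ISOLATION_TYPES:
        raise ValueError(f"Isolation Type must be one of {sorted(ALLOWED_ISOLATION_TYPES)}")
    record = json.loads(output)
    # Every field must match what was asked for; a Full request that comes
    # back as Selective means the device can still reach the network.
    expected = {"type": "Isolate", "scope": isolation_type,
                "machineId": machine_id, "status": "Succeeded"}
    problems = [f"{key}: expected {want!r}, got {record.get(key)!r}"
                for key, want in expected.items() if record.get(key) != want]
    elapsed = (parse_utc(record["lastUpdateDateTimeUtc"])
               - parse_utc(record["creationDateTimeUtc"])).total_seconds()
    return not problems, problems, elapsed


if __name__ == "__main__":
    ok, problems, elapsed = verify_isolation(
        SAMPLE_OUTPUT, "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378", "Selective")
    print(ok, problems, f"{elapsed:.1f}s")
```
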
Workflow Library Example
Isolate Machine with Microsoft Defender for Endpoints and Send Results Via Email