According to foreign technology media, The Register reported that organizations/institutions using Microsoft Defender for Endpoint service can remotely lock Linux devices to prevent attackers through the Linux device to access the organization’s internal devices.
The device isolation feature is still in public preview and can now be deployed to Windows devices within an organization. Microsoft said in an official blog post that “some attack scenarios require IT managers within an organization to block devices from accessing the internal network.
Microsoft continued: “IT administrators can take this approach to prevent attackers from accessing the internal network after discovering suspicious behavior on remote devices to avoid data breaches and other related incidents.
Microsoft said IT administrators remotely lock the device, the device can only run a limited number of processes to access the specified web pages. After removing suspicious factors, IT administrators can restore the device’s access to the internal network.