Issue
I cannot remove an endpoint from isolation, either via Red Canary or the Microsoft Defender console.
Environment
Microsoft Defender for Endpoint
Windows
Resolution
Microsoft Defender offers a script to remove isolation locally on the endpoint. This feature is supported for certain versions of Windows 10 & 11 operating systems.
See Forcibly release device from isolation for more information.
Cause
The endpoint has become unresponsive and is no longer properly communicating to the Microsoft Defender console to receive the remove isolation command.
Comments
0 comments
Please sign in to leave a comment.