Microsoft is addressing one of the major challenges faced by IT teams – identifying compromised user accounts and preventing them from being exploited by hackers. In the latest update to Defender for Endpoint, Microsoft introduces a powerful tool called “contain user” aimed at achieving just that.
Currently available in public preview, Microsoft Defender for Endpoint introduces the “contain user” tool, designed to isolate potentially problematic user accounts. When this tool detects suspicious behavior associated with a user account, Defender for Endpoint takes action by isolating the user, cutting off its access to other endpoints and resources. The goal is to halt any potential threats before they can inflict further damage, such as deploying ransomware.