Microsoft announced a new Microsoft Defender for Endpoint (MDE) feature that will help organizations prevent an attacker from using compromised devices to traverse the network sideways.
The new feature will “keep” jailbroken Windows devices on the network. Once a computer is marked as isolated, MDE will block all connections and communication with a device on the network. If a cybercriminal changes the computer’s IP address, all registered devices will block communication even with the new IP address.
“This action can help prevent nearby devices from being compromised while a technician works to fix the threat on the compromised device,” Microsoft explained.
However, the new MDE option will only work on devices running Windows 10 and later or Windows Server 2019 and later. This means that a cybercriminal can gain access to devices that do not support the new MDE feature.