Microsoft previews automatic device isolation in Defender for Endpoint amid security concerns
At a glance:
- Microsoft is testing automatic device isolation in Defender for Endpoint to contain cyber attacks in progress.
- A SANS Institute study warns attackers could exploit the feature to disable all user accounts in certain conditions.
- The capability requires a Defender for Endpoint Plan 2 license and integrates with Defender for Identity, Defender for Office 365, and Defender for Cloud Apps.
New auto-isolation feature aims to accelerate attack response
Microsoft has introduced a preview of automatic device isolation within the automatic attack disruption capability of Defender for Endpoint, designed to help security teams rapidly contain ongoing cyberattacks on IT networks. The feature, announced earlier this month, automatically blocks most network traffic from an affected device while maintaining connectivity to Microsoft's security services, creating a "logical air gap" that severs command-and-control (C2) communications and halts data exfiltration. Microsoft emphasizes that the isolation is time-limited and scoped to a specific incident, and that security operators can release a quarantined device at any time.
The capability is part of Microsoft Defender XDR, a unified cloud-based security suite that protects endpoints, manages hybrid identities, and secures email and collaboration tools. By leveraging AI to analyze extended detection and response (XDR) signals, the tool aims to limit attackers' lateral movement across networks. However, the company has not disclosed when the feature will transition from preview to full production.
Experts highlight both promise and peril of autonomous security tools
While the feature addresses the need for faster response times in an era of machine-speed malware and ransomware attacks, experts caution that autonomous AI-driven tools require careful configuration. Johannes Ullrich, dean of research at the SANS Institute, noted that such tools are particularly valuable for under-resourced IT security teams but warned that unconfigured systems could be weaponized by attackers to delay responses. "Automatic isolation and attack disruption are not new concepts," Ullrich said, "but they must be tuned like any other automation capability."
Robert Enderle, an IT consultant, emphasized the critical role of containment in preventing lateral movement. He explained that isolating a compromised endpoint immediately traps threats, preventing a single breach from escalating into an enterprise-wide incident. Additionally, the feature preserves forensic data by maintaining a secure connection to security services, unlike traditional methods like unplugging devices or removing network cables.
Research reveals potential for large-scale operational disruption
A SANS Institute research paper by Marcio Enriquez evaluated the risks of threshold-based autonomous containment systems. The study found that while these tools improve response times, they can inadvertently cause operational disruptions when activated at scale. In a real-world incident from spring 2025, a phishing attack triggered Defender's automated containment measures, disabling an account and restricting logins across multiple devices. Security analysts initially misinterpreted the automated actions as lateral movement, leading to unnecessary emergency escalations.
Enriquez demonstrated a more severe risk through a simulated attack called Autonomous Defense Induced Disruption (ADID), where adversarial activity tricked Defender into disabling all 18 Active Directory identities, including the domain administrator. The research underscores the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent unintended consequences.
Microsoft defends feature while emphasizing configuration controls
Microsoft declined to comment on the SANS research but reiterated its recommendation to keep automatic attack disruption enabled, which is the default. The company argues that disabling the feature increases exposure to multi-stage attacks such as business email compromise (BEC) and adversary-in-the-middle (AiTM) schemes, where even minutes of dwell time can cause significant damage. At the same time, Microsoft acknowledges the importance of human oversight: administrators can adjust automation levels per device group, exclude specific users or IP ranges from automated actions, and reverse any automated action at any time.
The feature requires a Defender for Endpoint Plan 2 license and is enhanced when integrated with Defender for Identity, Defender for Office 365, and Defender for Cloud Apps. Proper configuration of permissions and monitoring is essential to balance security efficacy with operational continuity.
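Microsoft's statements that isolation is time-limited and that operators can reverse automated actions at any time translate, on the API side, into the isolate and unisolate calls of the public Defender for Endpoint API and the machine-action records the same API exposes. The following Python is an added example, not Microsoft's code or part of the Defender product: it builds the isolate and release requests (including the documented "Full" and "Selective" isolation types) and replays a list of machine-action records to find automatic isolations that nobody has released within a chosen window, which is the kind of visibility into automated actions the article calls for. The endpoint paths and request bodies follow the documented Defender for Endpoint API; the requestor string used to recognise automation-initiated actions, the device ids and the sample records are assumptions constructed for the example and would need to be checked against a real tenant's Action center.

```python
"""Review and release automatic isolations via the Defender for Endpoint API.

Added example, not Microsoft's code. It assumes the public Defender for
Endpoint API endpoints POST /api/machines/{id}/isolate and /unisolate and the
record shape returned by GET /api/machineactions. The requestor label that
marks automation-initiated actions (AUTO_REQUESTOR) is an assumption; check
the actual value in your tenant's Action center before relying on it.
"""
from datetime import datetime, timedelta, timezone

API_BASE = "https://api.securitycenter.microsoft.com/api"
AUTO_REQUESTOR = "Automated attack disruption"  # assumed label, see docstring
DEFAULT_MAX_AGE = timedelta(hours=24)           # how long an automatic isolation may stand unreviewed


def isolation_request(machine_id: str, comment: str, isolation_type: str = "Selective") -> dict:
    """Build the isolate call. 'Selective' keeps Outlook/Teams reachable; 'Full' blocks all but security services."""
    if isolation_type not in ("Full", "Selective"):
        raise ValueError(f"unknown IsolationType: {isolation_type}")
    return {
        "method": "POST",
        "url": f"{API_BASE}/machines/{machine_id}/isolate",
        "body": {"Comment": comment, "IsolationType": isolation_type},
    }


def release_request(machine_id: str, comment: str) -> dict:
    """Build the unisolate call that returns a device to the network."""
    return {
        "method": "POST",
        "url": f"{API_BASE}/machines/{machine_id}/unisolate",
        "body": {"Comment": comment},
    }


def _when(record: dict) -> datetime:
    """Parse creationDateTimeUtc; the API emits 7 fractional digits and a 'Z', which older fromisoformat rejects."""
    ts = record["creationDateTimeUtc"].rstrip("Z").split(".")[0]
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def stale_automatic_isolations(actions: list, now: datetime, max_age: timedelta) -> list:
    """Return machine ids that automation isolated more than max_age ago and nobody has released.

    Replays Isolate/Unisolate actions in time order, counting only those that
    actually succeeded, so a failed or pending action does not leave a ghost entry.
    """
    current = {}  # machineId -> last successful Isolate still in force
    for rec in sorted(actions, key=_when):
        if rec["status"] != "Succeeded":
            continue
        if rec["type"] == "Isolate":
            current[rec["machineId"]] = rec
        elif rec["type"] == "Unisolate":
            current.pop(rec["machineId"], None)
    return sorted(
        mid for mid, rec in current.items()
        if rec["requestor"] == AUTO_REQUESTOR and now - _when(rec) > max_age
    )


def release_plan(actions: list, now: datetime, max_age: timedelta) -> list:
    """Unisolate requests for every stale automatic isolation, for an analyst to review before sending."""
    return [
        release_request(mid, f"Releasing automatic isolation older than {max_age}")
        for mid in stale_automatic_isolations(actions, now, max_age)
    ]


# Constructed sample records in the machineactions shape (not real tenant data).
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ACTIONS = [
    {"id": "a1", "type": "Isolate", "requestor": AUTO_REQUESTOR, "status": "Succeeded",
     "machineId": "dev-a", "creationDateTimeUtc": "2025-05-31T06:00:00.0000000Z"},  # 30 h, still isolated
    {"id": "a2", "type": "Isolate", "requestor": AUTO_REQUESTOR, "status": "Succeeded",
     "machineId": "dev-b", "creationDateTimeUtc": "2025-05-30T12:00:00.0000000Z"},
    {"id": "a3", "type": "Unisolate", "requestor": "analyst@example.com", "status": "Succeeded",
     "machineId": "dev-b", "creationDateTimeUtc": "2025-05-30T15:00:00.0000000Z"},  # already released
    {"id": "a4", "type": "Isolate", "requestor": "analyst@example.com", "status": "Succeeded",
     "machineId": "dev-c", "creationDateTimeUtc": "2025-05-30T20:00:00.0000000Z"},  # human decision, out of scope
    {"id": "a5", "type": "Isolate", "requestor": AUTO_REQUESTOR, "status": "Succeeded",
     "machineId": "dev-d", "creationDateTimeUtc": "2025-06-01T10:00:00.0000000Z"},  # only 2 h old
    {"id": "a6", "type": "Isolate", "requestor": AUTO_REQUESTOR, "status": "Failed",
     "machineId": "dev-e", "creationDateTimeUtc": "2025-05-30T00:00:00.0000000Z"},  # never took effect
]

if __name__ == "__main__":
    for req in release_plan(SAMPLE_ACTIONS, NOW, DEFAULT_MAX_AGE):
        print(req["method"], req["url"], req["body"])
```

The requests are built but not sent: sending them needs an app token with the Machine.Isolate permission in the Authorization header, and the point of the plan is that an analyst sees which devices automation has kept isolated past the window before anything is released. Human-initiated isolations are deliberately left alone, since those reflect an analyst's decision rather than an automated one.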
Broader implications for AI-driven cybersecurity
The debate around Microsoft's auto-isolation feature reflects a growing tension in cybersecurity: the trade-off between speed and control in automated defenses. As threats evolve to exploit machine-speed attack vectors, security teams face pressure to adopt AI-driven tools that can match the pace of modern breaches. However, the SANS study highlights the risks of over-reliance on autonomous systems without adequate safeguards.
Organizations deploying such tools must invest in robust configuration practices and maintain clear visibility into automated actions. For under-resourced teams, the benefits of rapid containment may outweigh the risks, but the potential for operational disruption demands careful planning and testing before full-scale adoption.