@@ -45,8 +45,7 @@ Isolates a device from accessing external network.
45
45
> - Full isolation is available for all supported Linux devices. See [Microsoft Defender for Endpoint on Linux](/defender-endpoint/microsoft-defender-endpoint-linux).
46
46
> - Selective isolation is available for devices on Windows 10, version 1709 or later, and on Windows 11.
47
47
> - When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
48
-
> - Calling this API on unmanaged devices triggers the [contain device from the network](../respond-machine-alerts.md#contain-devices-from-the-network) action.
49
-
48
+
> - Calling this API on unmanaged devices triggers the [contain device from the network](../respond-machine-alerts.md#contain-devices-from-the-network) action. The IsolationType value should be set to 'UnManagedDevice.'
50
49
51
50
## Permissions
52
51
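Review bot: In the sentence added to the unmanaged-devices bullet, the period sits inside the quotes ('UnManagedDevice.'), so a reader who copies the literal into the request body picks up a trailing dot. Move the period outside the quotes or format the value as code. Also say whether the value is required for unmanaged devices or only recommended, since "should be set" leaves that open.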
@@ -59,10 +58,9 @@ Delegated (work or school account)|Machine.Isolate|'Isolate machine'
59
58
60
59
> [!NOTE]
61
60
> When obtaining a token using user credentials:
62
-
>
63
-
> - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](../user-roles.md) for more information)
64
-
> - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](../machine-groups.md) for more information)
65
-
>
61
+
> - The user needs to have at least the following role permission: 'Active remediation actions.' For more information, see [Create and manage roles](../user-roles.md).
62
+
> - The user needs to have access to the device, based on device group settings. See [Create and manage device groups](../machine-groups.md) for more information.
63
+
>
66
64
> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
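Review bot: The role permission in the first rewritten bullet now reads 'Active remediation actions.' with the period inside the quotes, which makes the permission name look as if it ends in a dot; put the period after the closing quote. The two bullets also word their links differently ("For more information, see ..." in the first, "See ... for more information." in the second); use the same form in both.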
In the request body, supply a JSON object with the following parameters:
84
82
85
-
Parameter|Type|Description
86
-
:---|:---|:---
87
-
Comment|String|Comment to associate with the action. **Required**.
88
-
IsolationType|String|Type of the isolation. Allowed values are: 'Full' or 'Selective'.
83
+
|Parameter|Type|Description|
84
+
|:---|:---|:---|
85
+
|Comment|String|Comment to associate with the action. **Required**.|
86
+
|IsolationType|String|Type of the isolation. Allowed values are: **Full**, **Selective**, or **UnManagedDevice**.|
89
87
90
88
**IsolationType** controls the type of isolation to perform and can be one of the following:
91
89
92
-
- Full: Full isolation
93
-
- Selective: Restrict only limited set of applications from accessing the network (see [Isolate devices from the network](../respond-machine-alerts.md#isolate-devices-from-the-network) for more details)
90
+
- Full: Full isolation. Works for managed devices.
91
+
- Selective: Restrict only limited set of applications from accessing the network on managed devices. For more information, see [Isolate devices from the network](../respond-machine-alerts.md#isolate-devices-from-the-network).
92
+
- UnManagedDevice: The isolation targets unmanaged devices only.
94
93
95
94
## Response
96
95
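Review bot: The new IsolationType row and list add UnManagedDevice but do not say what the API returns when the value does not match the device, for example Full or Selective sent for an unmanaged device, or UnManagedDevice sent for a managed one. State the resulting behaviour or error here so callers can handle it. The IsolationType row also carries no Required marker while the Comment row does, so it is unclear whether the parameter can be omitted and what the default would be.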
@@ -100,7 +99,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
100
99
101
100
### Request
102
101
103
-
Here is an example of the request.
102
+
Here's an example of the request.
104
103
105
104
```http
106
105
POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate