Share via

Defender for Endpoint: How isolate device with high risk automatically?

Sergio Londono 886 Reputation points
2024-03-22T13:38:36.8133333+00:00

Hello team,

How can I auto-isolate a device that comes with a high-risk score?

User's image

User's image

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud Apps
0 comments
Accepted answer
  1. Catherine Kyalo 1,935 Reputation points Microsoft Employee
    2024-04-04T09:13:16.89+00:00

    Hi @Sergio Londono

    1. You can leverage Graph API and Power Automate to achieve auto - Isolation:
    2. Acquire these permissions On your application page, select API Permissions > Add permission > APIs my organization uses > type WindowsDefenderATP and select on WindowsDefenderATP.
    3. Graph Query - https://api.securitycenter.microsoft.com/api/alerts
    4. Power Automate - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/api-microsoft-flow?view=o365-worldwide#isolate-the-device-if-the-alerts-severity-is-high
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.