From bc6ea5dccd72f84694f8e2f3fa907f3deb1bbe64 Mon Sep 17 00:00:00 2001 From: crsutaru <109464039+crsutaru@users.noreply.github.com> Date: Thu, 9 Jul 2026 14:07:00 +0300 Subject: [PATCH 1/2] Adding information Adding the fact that isolation actions are automatically lifter after 7 days in the "Important points to keep in mind" section. --- defender-endpoint/respond-machine-alerts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/defender-endpoint/respond-machine-alerts.md b/defender-endpoint/respond-machine-alerts.md index 98ccdc81c1a..ca58ca4b12f 100644 --- a/defender-endpoint/respond-machine-alerts.md +++ b/defender-endpoint/respond-machine-alerts.md @@ -226,6 +226,7 @@ Depending on the severity of the attack and the sensitivity of the device, you m - Exclusions, such as e-mail, messaging application, and other applications for both macOS and Linux isolation aren't supported. - An isolated device is removed from isolation when an administrator modifies or adds a new `iptable` rule to the isolated device. - Isolating a server running on Microsoft Hyper-V blocks network traffic to all child virtual machines of the server. +- Isolation restrictions are automatically lifted after a 7-days duration. The device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device. On Windows 10, version 1709 or later, you can use selective isolation for more control over the network isolation level. You can also choose to enable Outlook and Microsoft Teams connectivity. From d5634be440df8d3451e6346162d002b4cad09602 Mon Sep 17 00:00:00 2001 From: Shawn Kupfer <60445862+ShawnKupfer@users.noreply.github.com> Date: Thu, 9 Jul 2026 12:07:56 -0500 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- defender-endpoint/respond-machine-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/respond-machine-alerts.md b/defender-endpoint/respond-machine-alerts.md index ca58ca4b12f..71761fdb33b 100644 --- a/defender-endpoint/respond-machine-alerts.md +++ b/defender-endpoint/respond-machine-alerts.md @@ -226,7 +226,7 @@ Depending on the severity of the attack and the sensitivity of the device, you m - Exclusions, such as e-mail, messaging application, and other applications for both macOS and Linux isolation aren't supported. - An isolated device is removed from isolation when an administrator modifies or adds a new `iptable` rule to the isolated device. - Isolating a server running on Microsoft Hyper-V blocks network traffic to all child virtual machines of the server. -- Isolation restrictions are automatically lifted after a 7-days duration. +- Device isolation is automatically lifted after seven days. The device isolation feature disconnects the compromised device from the network while retaining connectivity to the Defender for Endpoint service, which continues to monitor the device. On Windows 10, version 1709 or later, you can use selective isolation for more control over the network isolation level. You can also choose to enable Outlook and Microsoft Teams connectivity.