Using Power Automate to Isolate a Machine From the Network When a Threat is Detected in Windows Defender for Endpoint


Alan Pike - TU Dublin


Due to the rise in ransomware attacks within higher education, it has become even more important to isolate threats in real time and prevent malware from spreading across endpoints.

Within TU Dublin, Alan has recently implemented a process, using Power Automate alongside Windows Defender for Endpoint, that isolates an endpoint when a high-severity threat is detected on it and sends an email alert containing the alert details to the relevant IT helpdesk, chosen according to the tag applied to the affected endpoint.
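The decision logic behind such a flow (filter on severity, pick the isolation action, route the notification by endpoint tag) can be expressed in a few lines outside Power Automate. The following is an added example written for this page, not TU Dublin's flow or Microsoft's code: the alert JSON, the tag-to-mailbox mapping and the mailbox addresses are constructed, the `isolate` and `send_mail` callables are injected so the logic can be exercised without network access, and the isolate request is shaped after the Defender for Endpoint machine-action endpoint (`POST /api/machines/{id}/isolate` with `Comment` and `IsolationType`), which should be checked against current Microsoft documentation before use.

```python
"""Alert-to-isolation routing logic (added example; assumptions labelled inline)."""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample alerts; field names mirror common Defender alert fields but are assumptions here.
SAMPLE_HIGH_ALERT_JSON = json.dumps({
    "id": "alert-0001",                      # constructed
    "title": "Ransomware-like file encryption activity",
    "severity": "High",
    "machineId": "machine-0001",             # constructed
    "computerDnsName": "lib-pc-17.example.edu",
    "machineTags": ["Campus-Library"],
})
SAMPLE_LOW_ALERT_JSON = json.dumps({
    "id": "alert-0002",
    "title": "Suspicious PowerShell command line",
    "severity": "Medium",
    "machineId": "machine-0002",
    "computerDnsName": "eng-pc-04.example.edu",
    "machineTags": ["Campus-Engineering"],
})

# Assumed mapping from the tag applied to an endpoint to the helpdesk that owns it.
HELPDESK_BY_TAG: Dict[str, str] = {
    "Campus-Library": "library-helpdesk@example.edu",
    "Campus-Engineering": "eng-helpdesk@example.edu",
}
DEFAULT_HELPDESK = "it-security@example.edu"   # fallback when no tag matches
ISOLATE_SEVERITIES = {"High"}                   # only high-severity alerts trigger isolation


@dataclass
class Action:
    isolate: bool
    machine_id: str
    mailbox: str
    subject: str
    body: str


def route_helpdesk(tags: List[str], mapping: Dict[str, str] = HELPDESK_BY_TAG,
                   default: str = DEFAULT_HELPDESK) -> str:
    """Return the mailbox for the first tag with a known owner, else the default."""
    for tag in tags:
        if tag in mapping:
            return mapping[tag]
    return default


def build_isolation_request(machine_id: str, comment: str,
                            isolation_type: str = "Full") -> dict:
    """Request shape for the Defender for Endpoint isolate action (verify against current docs)."""
    return {
        "url": f"https://api.securitycenter.microsoft.com/api/machines/{machine_id}/isolate",
        "json": {"Comment": comment, "IsolationType": isolation_type},
    }


def decide(alert: dict) -> Action:
    """Decide whether to isolate and whom to notify; unknown/missing severity means no action."""
    severity = str(alert.get("severity", "")).strip()
    isolate = severity in ISOLATE_SEVERITIES
    tags = alert.get("machineTags") or []
    mailbox = route_helpdesk(tags)
    host = alert.get("computerDnsName", "unknown-host")
    subject = f"[{severity or 'Unknown'}] {alert.get('title', 'Defender alert')} on {host}"
    body = (f"Alert {alert.get('id', '?')} on {host} (tags: {', '.join(tags) or 'none'}).\n"
            f"Action taken: {'isolated from network' if isolate else 'no automatic isolation'}.")
    return Action(isolate, alert.get("machineId", ""), mailbox, subject, body)


def handle_alert(raw_json: str, isolate: Callable[[dict], None],
                 send_mail: Callable[[str, str, str], None]) -> Action:
    """Process one alert: isolate on high severity, then notify the owning helpdesk."""
    action = decide(json.loads(raw_json))
    if action.isolate and action.machine_id:
        isolate(build_isolation_request(action.machine_id,
                                        f"Auto-isolated by alert flow: {action.subject}"))
        send_mail(action.mailbox, action.subject, action.body)
    return action


if __name__ == "__main__":
    handle_alert(SAMPLE_HIGH_ALERT_JSON,
                 lambda req: print("ISOLATE", req["url"], req["json"]),
                 lambda to, subj, body: print("MAIL", to, subj, "\n", body))
```

In production the two callables would be the authenticated HTTP call to the Defender API and the mail connector; keeping them injectable means the severity and tag-routing rules can be unit-tested, and a missing or unexpected `severity` value deliberately results in no isolation rather than a crash mid-flow.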