04-21-2022 10:21 AM
Anyone have tips on figuring out how to allow exceptions to successfully communicate over the internet while an endpoint is in isolation? I would like Microsoft Intune to be able to continue to reach the device while the device is in isolation for the purpose of lock-down policy enforcement and location tracking. While I understand the isolation feature is designed for mitigation of a security-compromised device, I would like to explore using this feature as a method to ensure a user doesn't attempt to data dump their laptop upon an abrupt termination.
Any insight would be greatly appreciated! Thanks all!
04-21-2022 04:29 PM
@rkaltenbach You can achieve this by using the agent profile under Prevention settings for policy management:
Policy Management > Prevention > Profile > Agent Profile > Response Actions
Supporting Documentation: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/custo...
Thanks.
04-22-2022 08:10 AM
Yes, I'm aware of where the exceptions go... Curious as to what the community has put there. Intune seems to rely on services, which are not executables. I believe this is my biggest hang-up here. I'm also not finding any good logging as to what the endpoint is trying to use to access the internet while in isolation.