Need some context on a situation around “Isolating devices” on a network within Defender 365. What are businesses’ procedures when it comes to isolating servers, i.e. production servers like ADFS? Also, what type of scope is applied from the client on whether the organisation is allowed to isolate said server for the investigation of the malicious activity?
In terms of POV, this is from a SOC environment.