Windows Defender ATP recently added a new feature that allows administrators to isolate any computer from the network. This is very useful when a compromised machine is actively trying to spread throughout the network.
When responding to an alert, you can open the list of possible actions for the compromised host and choose from several of them.
When we click Isolate Machine, we are prompted to enter a comment.
After running the Isolate Machine action, it can take up to a few minutes to take effect on the client. Once the machine is isolated, the client receives a notification.
The client will now be unable to connect to the network. The same action is required to undo the isolation, and the user will receive a notification that the client is no longer isolated.
Note: isolation is only available on Windows 10 version 1703 or newer.