From bleepingcomputer.com
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.
This new feature allows admins to “contain” unmanaged Windows devices on their network if they were compromised or are suspected to be compromised.