Skip to content
Recued
Menu
← Back to recipes

Release a Microsoft Defender endpoint machine from isolation

by recued-core v1

Approval-gated Microsoft Defender for Endpoint release-from-isolation workflow for one machine. It reads the machine and recent machine actions for context, then calls recued-core.microsoft-defender-endpoint.machine.unisolate for exactly that machine. It does not run live response, offboard devices, run antivirus scans, quarantine files, collect packages, mutate tags, create indicators, bulk-update alerts, or call arbitrary Defender APIs.

How it works 9 steps

Inspect the data fetches, transforms, gates, and output this recipe runs.

Process (9 steps)
machine_id trim
Trim whitespace from setting machine id
comment trim
Trim whitespace from setting comment
machine_action_filter template
Generate text from a template
machine_before ?
actions_raw ?
release ?
actions default
Apply default
action_count count
Count items in actions
card to_summary
Format results as a summary card
Settings 3 configurable

Configurable at install. Defaults shown — change them anytime in Recued.

comment setting = Release machine from isolation after validation.
machine id setting =
microsoft defender setting =

Trust & control

What installing this recipe would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Device + server Runs on your device (browser) or your server.

Permissions it requires

Read your Microsoft-defender connection
Declared by the recipe — Recued grants these at install, where you review them before approving.

About

Tags

microsoft-defender-endpoint microsoft-defender-endpointdefender-for-endpointendpoint-securitymachinesunisolateincident-responseapprovalpack:microsoft-defender-endpoint

Details

9 steps 3 configurable settings recipe_id: release-microsoft-defender-endpoint-machine-isolation