Release a Microsoft Defender endpoint machine from isolation
Approval-gated Microsoft Defender for Endpoint release-from-isolation workflow for one machine. It reads the machine and recent machine actions for context, then calls recued-core.microsoft-defender-endpoint.machine.unisolate for exactly that machine. It does not run live response, offboard devices, run antivirus scans, quarantine files, collect packages, mutate tags, create indicators, bulk-update alerts, or call arbitrary Defender APIs.
How it works
Inspect the data fetches, transforms, gates, and output this recipe runs.
Process (9 steps)
machine_id
trim
Trim whitespace from setting machine id
comment
trim
Trim whitespace from setting comment
machine_action_filter
template
Generate text from a template
machine_before
?
actions_raw
?
release
?
actions
default
Apply default
action_count
count
Count items in actions
card
to_summary
Format results as a summary card
Settings
Configurable at install. Defaults shown — change them anytime in Recued.
comment
setting
=
Release machine from isolation after validation.
machine id
setting
=
microsoft defender
setting
=
Trust & control
What installing this recipe would let it do. Recued grants these permissions at install — review them there before approving.