Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Healthcare & Biotech
Consumer Brands
Startup
Growth
Enterprise
Resources Hub
The Sequence
Customer Stories
Reviews
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
Back to Product UpdatesDevice Isolation gives you the ability to immediately sever a network connection for any macOS device suspected of compromise. This feature, accessible directly within the Threats section, allows for rapid containment of active threats like malware or unauthorized lateral movement.
Administrators can choose between two levels of isolation based on the severity of the incident. Partial Isolation disconnects the device from the general network while maintaining a secure link to the agent, enabling remote remediation or forensic data collection. Complete Isolation acts as a total lockdown, cutting off all network communication for high-severity scenarios where total containment is required.
These actions can be performed on individual devices or as a bulk action for all devices associated with a specific detection. Visual indicators, such as a locked globe symbol, clearly mark quarantined machines within the interface and device records.
This capability significantly reduces the time between detection and response by removing the need to switch to separate network management tools. By collapsing the containment workflow into a single action, security teams can prevent data exfiltration or the spread of threats across the fleet in seconds.
Today, this feature is launched in a preview state to all customers who have Iru EDR.
For more information, see our support article.
