Thank you Lois for the clarification 🙏🏻
So if I understand correctly, device isolation requires manual approval in AIR, which distinguishes between “low-impact” actions (running a scan, quarantining an email, etc.) and “high-impact” actions such as device.
➡️ However, is it true that automatic device isolation is still possible via a Sentinel Playbook or a Defender Custom Detection Rule?
Also, do you have any other examples of high-impact actions that need manual validation in AIR? 👌🏻