security: Containing a domain compromise: How predictive shielding shut down lateral movement
Microsoft Security Blog
2026-04-17
Microsoft describes a real-world domain compromise where exposure-based containment and predictive shielding slowed attacker activity, stopped credential abuse, and disrupted lateral movement. The post focuses on how containment reduced the threat actor’s momentum during the incident.