security: Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
Microsoft Security Blog
2026-03-23
Microsoft Defender blocked a human-operated ransomware attack that used Group Policy Objects (GPOs) to disable defenses and deploy encryption at scale. Predictive shielding hardened 700 devices in time, preventing any GPO-based encryptions and blocking most of the attempted impact.