In co managed MSP environments, organization level Admins or Security Engineers often manage remediation and recovery after an incident.

When an endpoint is isolated during an incident and remediation is complete, it would be very useful for organization level Admins or Security Engineers to de isolate the host without escalating back to the MSP.

This would reduce operational friction. It would speed up recovery. It would better reflect how MSPs and internal IT teams work in practice.

The permission could be limited to post incident de isolation only and restricted to the organization level.