How to setup web content filtering using Defender for EndPoint?

Last few weeks I’ve been working on data loss prevention policies and security features in the Microsoft 365 suite. One of the items that we did touch is web content filtering to protect users from malicious websites, but also to avoid people from uploading documents to content sharing websites. In this manual I am going to show you how to setup web content filtering using Defender for EndPoint.

image 19

Before we continue, we need to make sure that we comply to the license requirements.

License requirements:

Before you can utilize Microsoft Defender SmartScreen you wil need to have one of the following licenses for each end user that you want to apply web content filtering to:

  • Windows 10/11 Enterprise E5
  • Microsoft 365 E5
  • Microsoft 365 A5
  • Microsoft 365 E5 Security
  • Microsoft 365 E3
  • Microsoft Defender for Endpoint Plan 1 or Plan 2
  • Microsoft Defender for Business
  • Microsoft 365 Business Premium

Manual:

Go to the Microsoft Security Portal: https://security.microsoft.com and go to settings at the bottom of the menu.

image

Go to Endpoint, Advanced features and enable the Web content filtering

image 1

Scroll down on the left side to Device Groups, from the right side of the screen click on Add device group to create a target group for your policy.

image 3

Give your device group a name and set Remediation level to Full

image 4

From the next screen we are going to create a group filter. In this case I use the value 2azure

image 5

Fromthe next page you can preview the aplicable devices.

image 6

Now we will need to assign the user group to apply this policy to. This means that you can separate on device and user!

image 7

Scroll down further to Web content filtering. Click on Add Policy

image 2

Give your newly create policy a name

image 8

Select the categories that you would like to be blocked.

image 9

Now select the machine group greated in the step above

image 10

Review the policy and save it.

image 11

URL based filtering

I could be that you just want 1 URL/domain to be blocked. This is also possible. From the left side of the screen go to Indicators, on the right side you can go to URLs/Domains and add an item.

image 12

Give the item a name, in this case we want to block wetransfer completely.

image 13

Select the action that you want to take, use Block to prevent access.

image 14

Create an alert if you need that.

image 15

Again select the machine group that we created earlier and save the indicator.

image 16

Results:

When accessing a website from the categories, the error look like this in Edge:

image 17

When accessing a block url bij the indicators, it looks like this.

image 18

Add a Comment

Your email address will not be published. Required fields are marked *