How to set up web content filtering using Defender for Endpoint
For the last few weeks I've been working on data loss prevention policies and security features in the Microsoft 365 suite. One of the items we touched on is web content filtering, which protects users from malicious websites and also prevents people from uploading documents to content sharing websites. In this manual I am going to show you how to set up web content filtering using Defender for Endpoint.
Before we continue, we need to make sure that we comply with the license requirements.
License requirements:
Before you can use Microsoft Defender SmartScreen you will need one of the following licenses for each end user that you want to apply web content filtering to:
- Windows 10/11 Enterprise E5
- Microsoft 365 E5
- Microsoft 365 A5
- Microsoft 365 E5 Security
- Microsoft 365 E3
- Microsoft Defender for Endpoint Plan 1 or Plan 2
- Microsoft Defender for Business
- Microsoft 365 Business Premium
Manual:
Go to the Microsoft Security Portal at https://security.microsoft.com and open Settings at the bottom of the menu.
Go to Endpoints, Advanced features and enable Web content filtering.
Scroll down on the left side to Device Groups. On the right side of the screen, click Add device group to create a target group for your policy.
Give your device group a name and set Remediation level to Full.
On the next screen we are going to create a group filter. In this case I use the value 2azure.
On the next page you can preview the applicable devices.
Now we need to assign the user group that this policy applies to. This means that you can scope the policy on both device and user!
Scroll down further to Web content filtering and click Add Policy.
Give your newly created policy a name.
Select the categories that you would like to be blocked.
Now select the machine group created in the step above.
Review the policy and save it.
URL based filtering
It could be that you want just one URL or domain to be blocked. This is also possible. From the left side of the screen go to Indicators; on the right side, go to URLs/Domains and add an item.
Give the item a name. In this case we want to block WeTransfer completely.
Select the action that you want to take; use Block to prevent access.
Create an alert if you need that.
Again select the machine group that we created earlier and save the indicator.
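The same block indicator can also be created through the Defender for Endpoint indicators API, which helps when you have more than a handful of domains to add. This is an added example, not part of the original manual. It assumes you already hold a bearer token for an app registration with the Ti.ReadWrite.All permission; the function name, domain, title and device group name are placeholders.

```powershell
# Added example: create a "Block" domain indicator via the Defender for Endpoint API.
# Assumptions: $AccessToken is a valid bearer token (Ti.ReadWrite.All); the function
# name and all sample values at the bottom are placeholders, not values from the manual.
function New-BlockedDomainIndicator {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $AccessToken,
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [string]   $Title,
        [Parameter(Mandatory)] [string[]] $DeviceGroups,
        [switch] $GenerateAlert
    )

    # Accept only a bare host name. A value with a scheme or path is a URL,
    # which is a different indicator type, so reject it here instead of guessing.
    $clean = $Domain.Trim().ToLowerInvariant()
    if ($clean -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$') {
        throw "Not a plain domain name: '$Domain'"
    }

    # Fields mirror the portal form: name, action, alert toggle and device group scope.
    $body = @{
        indicatorValue = $clean
        indicatorType  = 'DomainName'
        action         = 'Block'
        title          = $Title
        description    = "Blocked by policy: $Title"
        severity       = 'Informational'
        generateAlert  = [bool]$GenerateAlert
        rbacGroupNames = $DeviceGroups
    } | ConvertTo-Json

    # -WhatIf / -Confirm are honoured, so a list can be reviewed before anything is created.
    if ($PSCmdlet.ShouldProcess($clean, 'Create block indicator')) {
        Invoke-RestMethod -Method Post `
            -Uri 'https://api.securitycenter.microsoft.com/api/indicators' `
            -Headers @{ Authorization = "Bearer $AccessToken" } `
            -ContentType 'application/json' -Body $body
    }
}

# Placeholder values; -WhatIf prints the intended action without calling the API.
New-BlockedDomainIndicator -AccessToken '<token>' -Domain 'wetransfer.com' `
    -Title 'Block WeTransfer' -DeviceGroups '<device group name>' -WhatIf
```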
Results:
When accessing a website from the blocked categories, the error looks like this in Edge:
When accessing a URL blocked by the indicators, it looks like this.