Post

Web content filtering with Defender for Endpoint
Content filters are used almost in every organization. The function of a content filter is to block websites or files. These sites or files may be malicious or it’s in the company policy to restrict access to for example gambling sites on corporate devices. Block now with Defender for Endpoint!

Content filters are used almost in every organization. The function of a content filter is to block websites or files. These sites or files may be malicious or it’s in the company policy to restrict access to for example gambling sites on corporate devices. Content filters were mainly deployed at the end of the organizations perimeter. Almost every firewall has the ability to filter content. Users working from home aren’t routing their network through these firewall so these filters won’t apply. Microsoft has the web content filtering feature currently in public preview. This feature will allow administrators to restrict access to certain categories and also get control on users internet behaviour.

Note that all traffic is being audited automatically. Users need to be aware of all the aspects that is being monitored. The company policy should state the acceptable use policy. It should also state that all of their internet traffic is being audited on company devices.

Requirements

You will need to meet the following requirements:

  • Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on or the Microsoft Defender for Endpoint standalone license.
  • Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
  • Windows Defender SmartScreen and Network protection enabled.

Configuration

Web content filtering is currently in public preview. Activate preview features to be able to activate web content filtering.

image

This will enable the option to activate web content filtering

image

Create a policy

Web content filtering policies can be added at the settings menu

image

Give your policy a name and select the categories you would like to block. It’s possible to scope this policy to device groups. You may want to allow streaming media & downloads for endpoints but block these for servers.

image

Exclusions

It’s possible to create exclusions based on URL’s. Navigate to Settings –> Indicators

image

Add URL’s or domain names to exclude them from the policy. Set “Allow” as action during the configuration.

image

User behaviour

Web content filtering will work on almost all modern browsers using SmartScreen and Network Protection.

image

This URL is available after adding it to the indicators list.

SNAGHTML5c0e806

Reports

Reports are located under Reports –> Web protection

You can find information about:

  • Web threat detections over time
  • Web activity by category
  • Web activity summary
  • Web content filtering blocks
  • Web threat summary

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Archive