Microsoft Defender for Endpoint (MDE) is a solution that provides additional layers of security on user devices, such as Windows 10. MDE includes an EDR (Endpoint Detection and Response), automated investigation and response, software inventory, and a lot more tools. In this topic, I’d like to talk about web content filtering because, in this period of COVID and remote work, a lot of customers want to filter web content even when the user is not connected to the information system, through a VPN for example.

MDE is able to filter web content from a blacklist provided by Microsoft, but you can also filter URLs / domains, certificates, and IP addresses. In this topic, I’ll show how to use a blacklist and how to block a URL / domain.

Enable web content filtering feature

By default, the web content filtering feature is not enabled. So, first, we have to enable this feature. To connect to MDE, navigate to https://security.microsoft.com. Then click on Settings and Endpoints.

Microsoft 365 Security - Settings and Endpoints

Next, select Advanced features and make sure that web content filtering is enabled.

Microsoft 365 Security - Advanced Features

Add a device group

To target specific devices for web content filtering, you can create a device group. To do that, select Device groups and click on Add device group.

Microsoft 365 Security - Add Device Group

Then provide a device group name and an automation level (this setting controls how automated investigation and remediation applies remediation actions). Also specify condition values so that the device group is filled automatically according to the device name, domain, tag and/or OS.

Microsoft 365 Security - Edit Device Group

Filter web content from Microsoft blacklist

Navigate to Web content filtering and click on Add item.

Microsoft 365 Security - Web Content Filtering

Provide a name for the policy:

Microsoft 365 Security - Add Policy

Next, select the website categories you want to block. You can block a whole category or only some subcategories.

Microsoft 365 Security - Add Policy - Scope

Next, choose the device group you have created previously.

Microsoft 365 Security - Add Policy - Choose The Device

Finally, click on Save to create the policy.

Microsoft 365 Security - Add Policy - Summary

Now I open a web browser from a Windows 10 device, and I try to navigate to Facebook. As you can see, the content is blocked:

How to block a custom URL

Go back to MDE and this time navigate to Indicators and URLs / Domains. Then click on Add Item.

N.B: You can import a list from a CSV file.

Microsoft 365 Security - How to block a custom URL

Next, specify the URL you want to block and the expiration date if you want one:

Microsoft 365 Security - How to block a custom URL - Indicator

Then choose a response action. To block the URL, I chose Alert and Block. Specify an alert title, severity, and a description.

Microsoft 365 Security - How to block a custom URL - Alert and Block

Choose the device group you have created:

Microsoft 365 Security - How to block a custom URL - Choose The Device

At the end of the process, click on Create. Now you have filtered a URL:

Microsoft 365 Security - How to block a custom URL - URLs/Domains

Open the web browser again on the Windows 10 device and navigate to your URL:

Microsoft 365 Security - How to block a custom URL - Example

If you look at MDE, an alert is raised:

Microsoft 365 Security - How to block a custom URL - MDE
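
The same indicator can be created through the Defender for Endpoint Indicators API instead of the portal. The Python code below is an added example, not part of the original post: it builds the request body for the steps above (URL or domain, optional expiration, Alert and Block, title, severity, description, device group) and validates it before anything is sent. The function names are hypothetical, the sample values in it are constructed, and obtaining a bearer token with the Ti.ReadWrite permission is assumed to be done elsewhere.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

API = "https://api.securitycenter.microsoft.com/api/indicators"
SEVERITIES = {"Informational", "Low", "Medium", "High"}


def build_indicator(value, title, description, severity="Medium",
                    device_groups=(), expires_in_days=None, now=None):
    """Build the JSON body for a URL/domain indicator set to Alert and Block."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        raise ValueError("indicator value must be a single URL or domain")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    # A value with a scheme or a path is a URL indicator; a bare host is a domain.
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.hostname:
        raise ValueError("no host name found in indicator value")
    is_url = "://" in value or parts.path not in ("", "/")
    body = {
        "indicatorValue": value if is_url else parts.hostname,
        "indicatorType": "Url" if is_url else "DomainName",
        "action": "AlertAndBlock",
        "title": title,
        "description": description,
        "severity": severity,
    }
    if device_groups:  # omit the field to apply the indicator to all devices
        body["rbacGroupNames"] = list(device_groups)
    if expires_in_days is not None:
        if expires_in_days <= 0:
            raise ValueError("expiration must be in the future")
        now = now or datetime.now(timezone.utc)
        body["expirationTime"] = (now + timedelta(days=expires_in_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return body


def submit_indicator(body, token):
    """POST the indicator; token is a bearer token with the Ti.ReadWrite permission."""
    req = urllib.request.Request(
        API, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Only `submit_indicator` touches the network, so the payload can be reviewed or logged for change control before it is sent.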

Conclusion

As you have seen in this topic, you can do web content filtering without configuring proxy settings in a web browser. You don’t need to configure GPOs or scripts to manage these settings anymore. It’s a perfect solution to filter web content even if your user is at home and not connected to the company network.

Romain Serre
Senior consultant at Exakis
Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft technology, especially Hyper-V, System Center, storage, networking and Cloud OS technology such as Microsoft Azure or Azure Stack. He is an MVP and is certified as a Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).