Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Filter Web Content with Microsoft Defender for Endpoint

  • March 4, 2021
  • 6 min read
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.
IT and Virtualization Consultant. Romain is specializing in Microsoft technologies such as Hyper-V, System Center, storage, networking, and MS Azure. He is a Microsoft MVP and MCSE in Server Infrastructure and Private Cloud.


Microsoft Defender for Endpoint (MDE) is a solution that provides additional layers of security on user devices, such as Windows 10. MDE includes an EDR (Endpoint Detection and Response), automated investigation and response, software inventory, and a lot more tools. In this topic, I’d like to talk about web content filtering because, in this period of COVID and remote office, a lot of customers want to filter web content even if the user is not connected to the information system through VPN for example.

MDE is able to filter web content from a blacklist provided by Microsoft but you can also filter URLs / domains, certificates, and IP addresses. In this topic, I’ll show how to use a blacklist and how to block an URL / Domain.

Enable web content filtering feature

By default, the web content filtering feature is not enabled. So, first, we have to enable this feature. To connect to MDE, navigate to https://security.microsoft.com. Then click on Settings and Endpoints.

Microsoft 365 Security - Settings and Endpoints

Next, select Advanced features and check if web content filtering is enabled.

Microsoft 365 Security - Advanced Features

Add a device group

To target specific devices for web content filtering, you can create a device group. To do that, select Device groups and click on Add device group.

Microsoft 365 Security - Add Device Group

Then provide a device group and an automation level (this setting regards automated investigation and remediation to automate remediation actions). Specify also condition value to fill automatically the device group in the function of the device name, domain tag and/or OS.

Microsoft 365 Security - Edit Device Group

Filter web content from Microsoft blacklist

Navigate to Web content filtering and click on Add item.

Microsoft 365 Security - Web Content Filtering

Provide a name for the policy:

Microsoft 365 Security - Add Policy

Next, select the categories of the website you want to block. You can block a whole category or subcategories.

Microsoft 365 Security - Add Policy - Scope

Next, choose the device group you have created previously.

Microsoft 365 Security - Add Policy - Choose The Device

Finally, click on Save to create the policy.

Microsoft 365 Security - Add Policy - Summary

Now I open a web browser from a Windows 10 device, and I try to navigate to Facebook. As you can see, the content is blocked:

How to block a custom URL

 

How to block a custom URL

Go back to MDE and this time navigate to Indicators and URLs / Domains. Then click on Add Item.

N.B: You can import a list from a CSV file.

Microsoft 365 Security - How to block a custom URL

Next, specify the URL you want to block and the expiration date if you want one:

Microsoft 365 Security - How to block a custom URL - Indicator

Then choose a response action. To block the URL, I chose Alert and Block. Specify an alert title, severity, and a description.

Microsoft 365 Security - How to block a custom URL - Alert and Block

Choose the device group you have created:

Microsoft 365 Security - How to block a custom URL - Choose The Device

Add the end of the process, click on create. Now you have filtered an URL:

Microsoft 365 Security - How to block a custom URL - URLs/Domains

Open again the web browser on the Windows 10 device and navigate to your URL:

Microsoft 365 Security - How to block a custom URL - Example

If you look at MDE, an alert is raised:

Microsoft 365 Security - How to block a custom URL - MDE

Conclusion

As you have seen in this topic, you can do web content filtering without configuring proxy settings in a web browser. You don’t need to configure GPO or scripts to manage these settings anymore. It’s a perfect solution to filter web content even if your user is at home and not connected to the company.

Hey! Found Romain’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!