Enabling web content filtering in Microsoft Defender for Endpoint
Web content filtering is part of the web protection features in Microsoft Defender for Endpoint. It allows the organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, can be problematic due to compliance regulations, bandwidth usage or other concerns.
Filtering features for web protection in Microsoft Defender
- Users are prevented from accessing websites in blocked categories, whether they are browsing locally or remotely.
- The security team can conveniently enforce policies on groups of users using device groups defined in Microsoft Defender for access control settings based on logon point roles.
- The security team can access web reports in the same central location, with visibility into actual blocks and web usage.
Requirements
- The security team can access web reports in the same central location, with visibility into actual blocks and web usage.
- Subscription includes one of the following: Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on or Microsoft Defender for Endpoint standalone license.
- The organization's devices are running Windows 10 (version 1607) or later, or Windows 11 with the latest antivirus/antimalware updates.
- Windows Defender SmartScreen and Network Protection are enabled on the organization's devices.
Configuration in Intune
To activate the filtering first we are going to need to configure the devices that we want to apply the Web filtering, for it we are going to create from Intune a Windows Defender Antivirus policy.
1. We accede to endpoint.microsoft.com
2. We go to Security of the connection points, and we click in Antivirus
3. We create a new policy or we modify if we already have some previous one.
4. In the settings we go to Real-time protection and activate Enable network protection.
Enable web content filtering
In the Microsoft Defender for Endpoint settings, we are going to enable web content filtering, which is located in the Advanced Features.
1. Go to security.microsoft.com
2. Click on Settings, and go to Connection Points.
3. Within the configuration we enter in Advanced Features and activate the Web Content Filtering.
Configuring web content filtering policies
Now we have to create a policy with the web categories that we want to filter in the selected devices, inside the configuration of Connection Points.
1. Go to security.microsoft.com
2. Click on Configuration, and go to Connection Points.
3. Go to the Web Content Filtering section and click on Add item.
a. Name of the directive
b. Categories that we can block.
c. Scope, group of computers or all devices.
d. Finally click on save
After completing all the steps we will have activated the web content filtering for our company's devices, if we only want to monitor without blocking web access we can create a policy without selecting any category, then we can access https://security.microsoft.com/webprotection and view reports of the blocking and audits of web filtering.
If you have any questions or think we can help your organization, do not hesitate to contact us. We will be happy to help you😊