One of ‘bonuses’ of Microsoft Defender for Endpoint is the inclusion of web filtering. This means that you can block a range of pre-configured sites as well as custom ones if needed. This article will cover how to set up this capability for pre-configured sites.
To get web filtering working you’ll basically need:
– Windows 10/11 devices onboarded to Defender for Endpoint
– Windows Defender Smartscreen and Network Protection enabled.
Web filtering for other platforms, like iOS and Android, is on the roadmap.
Please note that the options that appear may differ based on what version of Defender for Endpoint you are using (P2, P1 or Business)
Navigate to https://security.microsoft.com and scroll down the menu options on the left and select Settings. From the options that appear on the right select Endpoints.
Locate the Web content filtering option from the menu that now appears, and select + Add item on the right as shown above.
From the dialog that appears from the right, give the policy a name (here, Default) and select the Next button.
Select the Block categories required. You can expand the headings and select individual items insides these. Also note, that you can block both Newly registered domains and Parked domains.
Press the Next button when you have made you choices.
You can target this policy at specific Defender for Endpoint groups if you wish, depending on the version of Defender for Endpoint you use. In this case, no groups have been created, so All devices will be targeted. Note, that Device Groups does not currently appear with Defender for Business and thus all policies there will be scoped to all devices by default.
Press the Next button to continue.
Review the policy summary and select the Save button to complete the creation process.
In my experience it takes around 40 – 45 minutes for this policy to be applied to Windows 10/11 device endpoints, so be patient.
When a restricted site is visited using a Microsoft browser like Edge, you’ll very briefly see the restricted website flash up and then almost immediately be replaced with the content blocked message shown above.
If you use a non-Microsoft browser, Brave in this case, then you will see a message saying that access is denied and you’ll also receive a Windows Security message as shown in the bottom right above.
If you wish to remove or edit a web filtering policy, simply navigate back to the web filtering option in the security console. Changes, including policy deletions, again take about 40 or so minutes to become evident on endpoint devices.
What’s covered here is just the basics. Look out for future article where I cover off how to filter custom sites and locations. You’ll also find lots more details in the Microsoft documentation here:
At this stage (January 2022), as I said earlier, web filtering is only available on Windows 10/11 devices but more options are coming in the very near future.