Within the organizational network, traffic is usually monitored by an internal firewall. However, if the device is outside the "four walls" and no VPN, proxy or third-party tool is used to monitor Internet traffic, the end user can move freely on the Internet. This is not always desired. You can use the web filter in the Defender for Endpoint and also in Defender for Business configure.
Table of Contents
- Requirements
- Activate feature
- Enable smart screen and network protection with Intune
- Create & assign policy
- Monitor Behavior
- Add Exceptions
- User Experience
Requirements
One of these licenses:
- Windows 10/11 Enterprise E5
- Microsoft 365 E5
- Microsoft 365 E5 Security
- Microsoft 365 E3
- Microsoft Defender for Endpoint Plan 1 or Plan 2
- Microsoft Defender for Business
- Microsoft 365 Business Premium
Operating system:
- Windows 11
- Windows 10 (version 1607 or newer)
Configuration:
- Smart Screen - active
- Network Protection - active
Activate feature
The feature is becoming more active very quickly Security Center under:
Settings > endpoints > Advanced features > Web content filtering
Enable smart screen and network protection with Intune
You can activate the two policies in different places. I'll show you how to activate both in a "Setting catalog" profile. Other options are via "Security Baseline", antivirus profile or with a classic GPO.
To do this, create a new profile:
Intune > Devices > Windows > Configuration profiles > + Create profile
(Windows 10 and later / Settings catalogue)
Now add an option and then search for "Configure Microsoft Defender SmartScreen":
Then add the "Network protection" added:
Once both settings have been added, activate them as follows:
Finally, you only assign the policy to a desired device group.
Create & assign policy
You can now also create a policy in the endpoint settings of the Security Center:
Settings > endpoints > Web content filtering
If you have just activated the option and the menu item is not visible, it is best to log in again.
During creation, you can choose which categories to block. Any categories you don't select will be monitored. If you don't define a blocking category, the policy will run in audit mode.
Here is an overview of all categories including subcategories:
In the Defender for Business these are already all the settings that you have to make or can make. They are applied directly to all devices.
In the Defender for Endpoint you also have the option of applying web filter guidelines only to certain scopes.
I have put together how the scopes work and where you can create them here:
Defender for Endpoint scope tag via Intune | scloud
Monitor Behavior
In the Security Center almost at the bottom you will find them reports and in this the point "Web protection".
Here you have a nice visualized overview of accesses, blocks and what was affected:
If you click on the details, you will also see more precisely from which subcategory, domain or group the access was blocked or only monitored:
Add Exceptions
You add exceptions in the "Indicators":
Settings > endpoints > indicators > URLs/Domains > + Add items
You can unblock entire domains or specific URLs. In addition, you can define whether these are completely ignored, monitored, warned or always blocked.
User Experience
Blocked content is displayed differently depending on the browser. There are two main differences, Edge with Smart Screen and all other browsers protected by "Network Protection".
Microsoft Edge - Web Filter
3rd party Browser - Web Filter
Such as Google Chrome, Mozilla Firefox or Opera.
Moin,
ich nutze für einen meiner Kunden die Education Lizenzen "MS 365 A3 für Lehrpersonal".
Sind diese nicht gleichwertig wie "MS 365 E3" und sollten damit für sie Nutzung des Defender für Business ausreichend sein?
Ich komme normal ins Defender Portal, habe dort aber unter Einstellungen den Punkt "Endpoint" nicht zur Verfügung.
Auch nachdem ich im Intune das Konfigurationsprofil angepasst und Smartscreen und Network Protection aktiviert habe taucht der Menüpunkt nicht auf.
Kann es sein das sich die Menüpunkte in den letzten 2,5 Wochen geändert haben oder das in den Education Lizenzen Defender for Business nicht Lizenziert ist?
Alle anderen Menüpunkte wie oben auf deinen Screenshots stehen mir auch zur Verfügung.
Gruß Sebastian
Mir stehen im Defender unter Einstellungen folgende Punkte zur Verfügung:
Sicherheitscenter
Microsoft 365 Defender
E-Mail & Zusammenarbeit
Cloud-Apps
Unter keinen dieser Menüpunkte finden sich die Einstellungen wie bei dir oben im Bild 6.
Hast du eine Defender for Business oder Premium Lizenz in deinem Tennant?
Manchmal hilf es auch diese kurzzeitig dem Admin zuzuweisen.
Hallo Sebastian, sollte eigentlich nicht.
Möglicherweise ist der Defender noch nicht initialisiert. Hast du in der Seitennavigation den Punkt "Geräte" oder "Inventar"?
Wenn du das erste Mal auf diesen gehst, beginnt das initiale setup (kann bis zu 30min dauern)
Hello,
I have followed this article and the web filtering does not work for me.
I use the following licenses for my test user account.
Enterprise Mobility + Security E5
Microsoft 365 Business Standard
Windows 10/11 Enterprise E5
I have a test group that consists of my test user and device pc name.
For the scope policy, I do not see the option to apply to any machines. However, in the MS documentation, it states it will apply to all machines. I have not seen the web filtering applied yet.
I haven't tried your licence mix yet. But I have had problems in a tenant where we had Business and Enterprise licences for Defender in a mix.
As you cannot see an area for the policy, I guess you think it is licensed under "Defender for Business" and in your allocation you have the Endpoint License.