
Defender for Endpoint - Web Filter

Within the organizational network, traffic is usually monitored by an internal firewall. However, if the device is outside the "four walls" and no VPN, proxy or third-party tool is used to monitor Internet traffic, the end user can move freely on the Internet. This is not always desired. You can configure the web filter in Defender for Endpoint and also in Defender for Business.


Requirements

One of these licenses:

  • Windows 10/11 Enterprise E5
  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Microsoft 365 E3
  • Microsoft Defender for Endpoint Plan 1 or Plan 2
  • Microsoft Defender for Business
  • Microsoft 365 Business Premium

Operating system:

  • Windows 11
  • Windows 10 (version 1607 or newer)

Configuration:

  • Smart Screen - active
  • Network Protection - active

Activate feature

The feature is quickly activated in the Security Center under:
Settings > Endpoints > Advanced features > Web content filtering

Enable SmartScreen and Network Protection with Intune

You can activate the two policies in different places. I'll show you how to activate both in a "Settings catalog" profile. Other options are a "Security Baseline", an antivirus profile or a classic GPO.

To do this, create a new profile:
Intune > Devices > Windows > Configuration profiles > + Create profile
(Windows 10 and later / Settings catalog)

Intune, new Settings catalog
Intune profile name

Now add a setting and search for "Configure Microsoft Defender SmartScreen":

Intune Settings picker, Smart Screen

Then add "Network protection":

Intune Settings picker, Network protection

Once both settings have been added, activate them as follows:

Intune enable Network protection and Smart Screen

Finally, assign the policy to the desired device group.
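
To confirm on a client that the assigned profile has actually arrived, the following PowerShell check can be run in an elevated session on the device. It is an added example, not part of the original post; the function name `Get-WebFilterReadiness` is made up here, and it assumes the Settings catalog entry is delivered as the Edge policy value `SmartScreenEnabled` under `HKLM:\SOFTWARE\Policies\Microsoft\Edge`.

```powershell
# Added example: verify the web filter prerequisites on a Windows client.
# Get-WebFilterReadiness is a hypothetical helper name, not a built-in cmdlet.
function Get-WebFilterReadiness {
    # Windows 10 version 1607 corresponds to build 14393; Windows 11 is higher.
    $build = [System.Environment]::OSVersion.Version.Build

    # EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit.
    try {
        $npValue = [int](Get-MpPreference -ErrorAction Stop).EnableNetworkProtection
    } catch {
        # Defender cmdlets unavailable or the service is not running.
        $npValue = -1
    }
    $npState = switch ($npValue) {
        1       { 'Enabled (block)' }
        2       { 'Audit only' }
        0       { 'Disabled' }
        default { 'Unknown (Get-MpPreference failed)' }
    }

    # Assumption: the Intune setting lands as this Edge machine policy value.
    $edgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    $policy  = Get-ItemProperty -Path $edgeKey -Name 'SmartScreenEnabled' `
                   -ErrorAction SilentlyContinue
    $ssValue = if ($null -ne $policy) { $policy.SmartScreenEnabled } else { $null }
    $ssState = if ($null -eq $ssValue) { 'Not configured by policy' }
               elseif ($ssValue -eq 1) { 'Enabled by policy' }
               else                    { 'Disabled by policy' }

    [pscustomobject]@{
        OsBuild           = $build
        OsSupported       = ($build -ge 14393)
        NetworkProtection = $npState
        EdgeSmartScreen   = $ssState
        # Blocking in every browser needs Network Protection in block mode;
        # audit mode only records events.
        Ready             = ($build -ge 14393) -and ($npValue -eq 1) -and ($ssValue -eq 1)
    }
}

Get-WebFilterReadiness | Format-List
```

A device that reports "Audit only" for Network Protection will show up in the reports but will not block anything in third-party browsers.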

Create & assign policy

You can now create a policy in the endpoint settings of the Security Center:
Settings > Endpoints > Web content filtering

Defender web filter

If you have just activated the option and the menu item is not visible, it is best to log in again.

During creation, you can choose which categories to block. Any categories you don't select will be monitored. If you don't define a blocking category, the policy will run in audit mode.
Here is an overview of all categories including subcategories:

Defender Web Filter categories
As of February 2023

In Defender for Business, these are already all the settings that you have to or can make. They are applied directly to all devices.

In Defender for Endpoint, you also have the option of applying web filter policies only to certain scopes.

Defender web filter assigned

I have put together how the scopes work and where you can create them here:
Defender for Endpoint scope tag via Intune | scloud

Monitor behavior

Near the bottom of the Security Center navigation you will find "Reports", and within it the item "Web protection".

Defender Web protection report

Here you have a nicely visualized overview of accesses, blocks and what was affected:

Defender Web filter report

If you click on the details, you will also see more precisely from which subcategory, domain or group the access was blocked or only monitored:

Defender Web Filter report, Web categories
Defender Web Filter report, Domains
Defender Webfilter report, Machine groups

Define exceptions

You add exceptions under "Indicators":
Settings > Endpoints > Indicators > URLs/Domains > + Add items

Defender Web Filter, exceptions

You can unblock entire domains or specific URLs. In addition, you can define whether these are completely ignored, monitored, warned or always blocked.

Defender Web Filter exception, Response action
Defender Web Filter exception, URL/Domain

User experience

Blocked content is displayed differently depending on the browser. There are two main cases: Edge with SmartScreen, and all other browsers, which are protected by "Network Protection".

Microsoft Edge - Web Filter

Defender Web filter, Microsoft Edge

3rd party browser - web filter

Such as Google Chrome, Mozilla Firefox or Opera.

Defender Web filter, Google Chrome

4 thoughts on “Defender for Endpoint - Webfilter”

  1. Hi,

    I use the education licenses "MS 365 A3 for faculty" for one of my customers.
    Aren't these equivalent to "MS 365 E3", and shouldn't they therefore be sufficient for using Defender for Business?
    I can get into the Defender portal normally, but under Settings the item "Endpoint" is not available to me there.
    Even after I adjusted the configuration profile in Intune and enabled SmartScreen and Network Protection, the menu item does not appear.
    Could it be that the menu items have changed in the last 2.5 weeks, or that Defender for Business is not licensed in the education licenses?
    All other menu items shown in your screenshots above are available to me as well.

    Regards, Sebastian

    1. Under Settings in Defender, the following items are available to me:

      Security center
      Microsoft 365 Defender
      Email & collaboration
      Cloud apps
      None of these menu items contains the settings shown in your image 6 above.

    2. Hello Sebastian, it actually shouldn't.
      Defender may not have been initialized yet. Do you have the item "Devices" or "Inventory" in the side navigation?
      The first time you go to it, the initial setup begins (can take up to 30 min)
