Defender for Endpoint - Web Filter
- Florian Salzmann
- Posted on 15 Feb, 2023
- Updated on 18 Aug, 2023
- 03 Mins read
- Defender for Business,Defender for Endpoint,Microsoft Intune,Security,Windows 10,Windows 11
Within the organizational network, traffic is usually monitored by an internal firewall. However, if the device is outside the “four walls” and no VPN, proxy or third-party tool is used to monitor Internet traffic, the end user can move freely on the Internet. This is not always desired. You can use the web filter in the Defender for Endpoint and also in Defender for Business configure.
Requirements
One of these licenses:
- Windows 10/11 Enterprise E5
- Microsoft 365 E5
- Microsoft 365 E5 Security
- Microsoft 365 E3
- Microsoft Defender for Endpoint Plan 1 or Plan 2
- Microsoft Defender for Business
- Microsoft 365 Business Premium
Operating system:
- Windows 11
- Windows 10 (version 1607 or newer)
Configuration:
- Smart Screen - active
- Network Protection - active
Activate feature
The feature is becoming more active very quickly Security Center under:
Settings > endpoints > Advanced features > Web content filtering

Enable smart screen and network protection with Intune
You can activate the two policies in different places. I’ll show you how to activate both in a “Setting catalog” profile. Other options are via “Security Baseline”, antivirus profile or with a classic GPO.
To do this, create a new profile:
**Intune > Devices > Windows > Configuration profiles > + Create profile
**(Windows 10 and later / Settings catalogue)
Now add an option and then search for “Configure Microsoft Defender SmartScreen”:
Then add the “Network protection” added:
Once both settings have been added, activate them as follows:
Finally, you only assign the policy to a desired device group.
Create & assign policy
You can now also create a policy in the endpoint settings of the Security Center:
Settings > endpoints > Web content filtering
If you have just activated the option and the menu item is not visible, it is best to log in again.
During creation, you can choose which categories to block. Any categories you don’t select will be monitored. If you don’t define a blocking category, the policy will run in audit mode.
Here is an overview of all categories including subcategories:
As of February 2023
In the Defender for Business these are already all the settings that you have to make or can make. They are applied directly to all devices.
In the Defender for Endpoint you also have the option of applying web filter guidelines only to certain scopes.
I have put together how the scopes work and where you can create them here:
Defender for Endpoint scope tag via Intune | scloud
Monitor Behavior
In the Security Center almost at the bottom you will find them reports and in this the point “Web protection”.
Here you have a nice visualized overview of accesses, blocks and what was affected:
If you click on the details, you will also see more precisely from which subcategory, domain or group the access was blocked or only monitored:
Add Exceptions
You add exceptions in the “Indicators”:
Settings > endpoints > indicators > URLs/Domains > + Add items
You can unblock entire domains or specific URLs. In addition, you can define whether these are completely ignored, monitored, warned or always blocked.
User Experience
Blocked content is displayed differently depending on the browser. There are two main differences, Edge with Smart Screen and all other browsers protected by “Network Protection”.
Microsoft Edge - Web Filter
3rd party Browser - Web Filter
Such as Google Chrome, Mozilla Firefox or Opera.


















