How to enable and configure Web Content Filtering within Microsoft Defender for Endpoint

So here is the situation. You open the Microsoft 365 Defender portal to enable Web Content Filtering, only to find that the option is missing. What do you do?


At the time of writing this blog post, Web Content Filtering is still in Preview, so you first need to enable the Preview features in Defender before you can turn it on.

To turn on the preview experience setting:

1. Navigate to Microsoft 365 Defender Portal > Settings > Endpoints > Advanced features > Preview features.

2. Toggle the setting between On and Off and select Save preferences.


Once you have enabled the Preview features, you should see Web Content Filtering listed shortly. In my experience, it can take 15-20 minutes to show up. When it does, go to Endpoints > Advanced features again and turn it on.


Refresh the page and you should see Web Content Filtering listed under Endpoints > Rules.


Now that we have got the feature enabled, let's see what this feature is all about and how one can configure it.

Web content filtering is part of Web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. 

You can configure policies across your device groups to block certain categories. Blocking a category prevents users from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited and your users can access the URLs without disruption. The users will see a block notification if an element on the page they're viewing is making calls to a blocked resource.

There are some prerequisites that you need to consider before using this feature.

1. Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on, or the Microsoft Defender for Endpoint standalone license. 
2. Access to Microsoft 365 Defender portal (https://security.microsoft.com).
3. Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
4. Windows Defender SmartScreen and Network Protection enabled.
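
One way to check the device-side prerequisites (items 3 and 4) locally, as an added example that is not from the original post. The function name `Test-WcfDevicePrerequisite` is hypothetical, and reading SmartScreen from the Microsoft Edge policy registry value is an assumption that only reflects policy-managed devices.

```powershell
# Added example (not from the original post): report the device-side
# prerequisites on the local Windows 10 machine. Run from an elevated prompt.
function Test-WcfDevicePrerequisite {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # Windows 10 version 1607 (Anniversary Update) corresponds to build 14393.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # Defender antimalware platform version. The post gives no minimum
    # version, so it is reported without a pass/fail verdict.
    $platform = (Get-MpComputerStatus).AMProductVersion

    # Network Protection: 0 = disabled, 1 = enabled (block), 2 = audit only.
    $np = [int](Get-MpPreference).EnableNetworkProtection

    # Assumption: SmartScreen is managed through the Microsoft Edge policy
    # value below. A missing value means "not set by policy", not "off".
    $edgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    $ss = (Get-ItemProperty -Path $edgeKey -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled

    [pscustomobject]@{ Check = 'OS build >= 14393 (1607)'; Value = $build; Passed = ($build -ge 14393) }
    [pscustomobject]@{ Check = 'Antimalware platform version'; Value = $platform; Passed = $null }
    [pscustomobject]@{ Check = 'Network Protection in block mode'; Value = $np; Passed = ($np -eq 1) }
    [pscustomobject]@{
        Check  = 'Edge SmartScreen policy'
        Value  = if ($null -eq $ss) { 'not set by policy' } else { $ss }
        Passed = if ($null -eq $ss) { $null } else { $ss -eq 1 }
    }
}

$report = Test-WcfDevicePrerequisite
$report | Format-Table -AutoSize

# Audit mode logs connections instead of blocking them.
if (($report | Where-Object Check -like 'Network Protection*').Value -eq 2) {
    Write-Warning 'Network Protection is in audit mode: connections are logged, not blocked.'
}
```

A `Passed` value of empty means the check is informational only; licensing and portal access (items 1 and 2) cannot be verified from the device.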

I will be covering some of the prerequisites in another post, so for now I will dive right into configuring a Web Content Filtering rule.

1. Sign in to https://security.microsoft.com
2. Click on Settings and Endpoints
3. Navigate to Web Content Filtering and select Add item, naming it Web content Baseline Policy (or whatever you wish to call it).
4. Select the following categories.

Categories

Recommended to be blocked

Adult content: Cults, Gambling, Nudity, Pornography/Sexually explicit, Sex education, Tasteless, Violence

High bandwidth: Download sites, Image sharing, Peer-to-peer, Streaming media & downloads

Legal liability: Child abuse images, Criminal activity, Hacking, Hate & intolerance, Illegal drug, Illegal software, School cheating, Self-harm, Weapons

Leisure: Chat, Games, Instant messaging, Professional networking, Social networking, Web-based email

Uncategorized: Newly registered domains, Parked domains

5. Assign a Device group. I already created a group containing all Windows 10 Devices and you can do the same. It is important to scope the rule, as devices in the selected groups will be prevented from accessing websites in the selected categories. Once done, the rule will show up and you can open it to verify the settings.


You also have the option to create network indicators to build your own custom list of URLs and IPs that you wish to allow or block, but that is for another post at a later time.

Once your Web Content Filtering rules are in place, you can head over to Reports in the Microsoft 365 Defender portal and open the Web Protection card to see the rules in action.



Conclusion

Web Content Filtering is still in public preview so there are some known issues and limitations. However, if you have invested in an M365 E5 license or equivalent that contains the Defender for Endpoint service, then you can use the feature right out of the box without feeling the need to invest any further in implementing similar Web Content Filtering capabilities.
