Enabling web content filtering in Microsoft Defender for Endpoint
After my last article I got psyched about writing more articles based on the MDfE techniques.
Today I wanted to share another feature called Web Content Filtering.
It lets you block and report on the content your users browse to, such as social media, gambling sites, etc.
Because Web Content Filtering is part of the overall MDfE product you will have a unified experience where you can track all the activities and get a good sense of what is happening on your company’s workstations.
Enabling this feature only requires a few steps and is relatively easy to start with.
Now let’s start with the requirements.
You will need one of the following licenses in order to start using Web Content Filtering:
- Windows 10 Enterprise E5
- Microsoft 365 E3 + Microsoft 365 E5 Security add-on
Web Content Filtering is currently in public preview and therefore not fully supported in terms of troubleshooting from Microsoft itself. You will find more information on this on the following Docs page:
Now let’s get to it!
Enable the MDfE preview features
We start off by enabling the preview features for MDfE, which allows us to use Web Content Filtering.
Activate the web content filtering option
Next up is enabling Web Content Filtering, which will give us the option to create rules for the content filter and to view reports.
Set up Network Protection for browsers other than Edge
Microsoft uses 2 methods to enforce the content filter: for Edge the SmartScreen feature is used, and for all other browsers the Network Protection feature built into Windows is used.
To make the filter work in non-Edge browsers you will need to turn on this feature, which can be done via an Endpoint protection configuration policy in Endpoint Manager.
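Once the policy has synced, you can confirm on a test device that Network Protection is actually in block mode and that the Defender Antivirus prerequisites it depends on are met. The script below is an added example, not part of the original article; `Get-NetworkProtectionReadiness` is a hypothetical helper name, while `Get-MpPreference` and `Get-MpComputerStatus` are the built-in Defender cmdlets.

```powershell
# Added example (not from the original article). The function name is hypothetical;
# the Defender cmdlets and the properties read from them are built into Windows.
function Get-NetworkProtectionReadiness {
    [CmdletBinding()]
    param()

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit
    $modeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
    $npValue   = [int]$pref.EnableNetworkProtection
    $modeName  = if ($modeNames.ContainsKey($npValue)) { $modeNames[$npValue] } else { "Unknown ($npValue)" }
    $findings  = [System.Collections.Generic.List[string]]::new()

    if ($npValue -ne 1) {
        $findings.Add("Network Protection is '$modeName'; non-Edge browsers will not be blocked.")
    }
    # Network Protection relies on Defender Antivirus running in active mode
    # with real-time and cloud-delivered protection turned on.
    if ($status.AMRunningMode -ne 'Normal') {
        $findings.Add("Defender Antivirus running mode is '$($status.AMRunningMode)', not active (Normal).")
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is off.')
    }
    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced
    if ([int]$pref.MAPSReporting -eq 0) {
        $findings.Add('Cloud-delivered protection (MAPS) is disabled.')
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        NetworkProtection = $modeName
        AMRunningMode     = $status.AMRunningMode
        RealTimeEnabled   = $status.RealTimeProtectionEnabled
        MapsReporting     = [int]$pref.MAPSReporting
        Ready             = ($findings.Count -eq 0)
        Findings          = $findings.ToArray()
    }
}

Get-NetworkProtectionReadiness | Format-List
```

A device that reports `Audit` will still log visits but will not block them in non-Edge browsers, which is worth knowing before you conclude a policy is not working.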
Create a web content filtering policy
After all the prerequisites have been set up you can start creating policies. This process is pretty straightforward; there is only one thing to keep in mind. If you only plan to audit visits to categorized and uncategorized websites, then do not check any boxes but just create an “empty” policy.
The End Result
As you can see in the video below, browsing to social networks is prohibited. Edge will show a placeholder, whereas the other browsers will get blocked by Network Protection, which will also take care of the notification to your users.
Viewing reports for visited and blocked content
To view the results of the policies you can go into Reports > Web Protection and get different views, as you can see below.
Although this feature hasn’t been released officially, I must say it feels very production ready.
This concludes my blog about Web Content Filtering. If you have any questions, please let me know!