How to Whitelist a Website or domain in Microsoft 365 Defender

Web content filtering is a part of web protection capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Business. Web content filtering can be used to track and manage access to websites based on various content categories.

The policies can be applied to either all devices or groups of devices, and they work in all the major web browsers. In Microsoft Edge, blocking is performed by Windows Defender SmartScreen; in third-party browsers such as Google Chrome, it is performed by Network Protection.

License Requirements

The following are the license requirements for using web content filtering:

Subscription: Your subscription must include one of the following:
– Windows 10/11 Enterprise E5
– Microsoft 365 E5
– Microsoft 365 A5
– Microsoft 365 E5 Security
– Microsoft 365 E3
– Microsoft Defender for Endpoint Plan 1 or Plan 2
– Microsoft Defender for Business
– Microsoft 365 Business Premium

OS:
– Windows 10 (1607) or later
– Windows 11

STEP 1 – Enable Web Content Filtering

Before you can whitelist a URL or domain, you need to enable Web Content Filtering from the Microsoft 365 Defender portal. To do this, log in to the portal with a Security Administrator or Global Administrator role and follow these steps.

  • Scroll to the end of the page to find Settings on the left-hand side.
  • From the Settings page, click on Endpoints.
  • Under General, select Advanced features.
  • Find Web Content Filtering and toggle the switch to ON.
Enable Web content filtering on Microsoft 365 Defender portal

STEP 2 – Whitelist a URL or domain on Microsoft 365 Defender

To block an entire category of websites, such as Social Networking or High Bandwidth Sites, you can create a policy by going to Settings -> Endpoints -> Web Content Filtering and then clicking on + Add Item to create a policy.

If you want to whitelist a specific URL or domain in Microsoft 365, follow these steps:

  • Log in to the Microsoft 365 Defender portal
  • Go to Settings and then click on Endpoints
  • On the left-hand side, find Indicators
  • Find URLs/Domains from the list of Indicators
  • Click on + Add item to add a URL or Domain
Add a URL or domain to whitelist using Microsoft Defender portal
  • Once you click on “Add Item,” a flyout will appear where you can provide information about the website you want to whitelist. You can enter either the URL of the website or the domain name. Additionally, you can set an expiry date for this rule.
Add a URL or domain in the textbox URL/Domain
  • In the “Action” tab, select “Allow” to whitelist the website. You should also provide a title and description for this rule. There are other options available, such as “Audit,” “Warn,” and “Block execution.” If you want to block website access, choose “Block execution.” If you want to allow a website with a warning message and set a specific time limit, use the “Warn” option.
Select Response action as Allow. Provide a Title and description.
  • You can apply this rule to either “All devices in my organization” or “Selected devices.” If you choose “Selected devices,” make sure to create a device group first before selecting it from the drop-down list. To create a device group, go to Settings > Endpoints > Permissions > Device groups.
Select “All devices in my organization”
  • The Summary page displays an overview of the information you’ve provided to whitelist the website. Verify that the details are correct and then click on “Save” to save the rule.
Check the Summary and proceed to create this policy
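
The same Allow rule can also be created without the portal, through the Defender for Endpoint Indicators API. The following is an added example and not part of the original post: the endpoint and JSON field names are those of that API rather than anything shown on this page, while the function names and the 90-day expiry limit are assumptions made for illustration.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Indicators endpoint of the Defender for Endpoint API (not shown on this page).
API_URL = "https://api.securitycenter.microsoft.com/api/indicators"
MAX_DAYS = 90  # assumed policy for this example: allow entries must expire


def build_allow_indicator(value, title, description, days, device_groups=None, now=None):
    """Return the JSON body for an Allow indicator on a URL or a domain."""
    value = value.strip()
    if not title or not description:
        raise ValueError("title and description are required")
    if not 0 < days <= MAX_DAYS:
        raise ValueError(f"expiry must be 1..{MAX_DAYS} days")
    if "://" in value or "/" in value:
        # Anything with a scheme or a path is treated as a URL indicator.
        parts = urlsplit(value if "://" in value else "https://" + value)
        if not parts.hostname:
            raise ValueError("URL has no host")
        kind = "Url"
    else:
        # Bare host names must be full domains: no wildcards, no lone TLDs.
        labels = value.lower().split(".")
        if len(labels) < 2 or "*" in value or not all(labels):
            raise ValueError("expected a full domain such as example.com")
        kind, value = "DomainName", value.lower()
    now = now or datetime.now(timezone.utc)
    body = {
        "indicatorValue": value,
        "indicatorType": kind,
        "action": "Allowed",
        "title": title,
        "description": description,
        "expirationTime": (now + timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    if device_groups:  # set only when scoping the rule to selected device groups
        body["rbacGroupNames"] = list(device_groups)
    return body


def submit(body, token):
    """POST the indicator; token is an access token permitted to write indicators."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Building the body separately from submitting it lets the rule be reviewed or logged before anything is sent to the tenant.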

End-user Experience

When a user attempts to access a website that has been blocked by Microsoft 365 Defender, the user will get a different error message depending on the web browser they are using.

Microsoft Edge shows a red background with a “This content is blocked” message, while Google Chrome shows a “Site can’t provide a secure connection” error message. Screenshots of both error messages are shown below.

Error Message when using Microsoft Edge web browser

When a user tries to access a blocked website using the Edge browser, the following error page is shown:

This content is blocked

For your protection, your organization is not allowing you to access the resource or content hosted by gmail.com. To learn more about why you’re seeing this message or to get in touch with your administrator, visit the support page.

Content is blocked message when using Microsoft Edge browser

Error Message when using Google Chrome web browser

When users try to access a blocked website using Google Chrome, they will get the following error message.

This site can’t provide a secure connection. Gmail.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Site can’t provide a secure connection – Google Chrome browser

Conclusion

In this blog post, we have seen how to allow or block a certain URL or domain from the Microsoft 365 Defender portal. You can first test the change on a few devices by creating a device group and extending it to include more devices. Once you have fully tested this change on test devices, you can change the assignment to “All devices in my organization”.
