    Content Filtering with Microsoft Defender for Endpoint

    Why is Content Filtering Important?

    Web content filtering is a critical element of a comprehensive information security strategy.

    Malware Protection: By blocking access to known malicious websites, web content filtering can protect an organization from threats such as malware, ransomware, phishing attacks, and other online threats.

    Compliance: Many organizations are subject to regulations that require certain types of content to be blocked. For instance, healthcare and financial organizations often must comply with strict data privacy regulations. Web content filtering can help ensure that employees don’t inadvertently violate these regulations.

    Productivity: By restricting access to non-work related websites (like social media or streaming services), organizations can limit distractions and increase productivity.

    Bandwidth Consumption: Streaming media and downloading large files can consume a lot of bandwidth. By filtering web content, organizations can ensure that bandwidth is used more efficiently.

    Liability: Inappropriate content, such as material that is offensive or even illegal, can expose organizations to liability. A good web content filtering solution can help mitigate these risks by blocking access to such content.

    Data Leakage: Web content filtering can prevent unauthorized upload or sharing of sensitive data, thus preventing data leaks.

    Control and Visibility: It provides organizations with control over what employees can access online and gives them visibility into their online activities, which is crucial for understanding and managing risks.

    In conclusion, web content filtering is an important security control that helps protect the organization’s network, data, and users from a variety of online threats while ensuring compliance, productivity, and efficient use of resources.

    Microsoft Defender For Endpoint

    Microsoft Defender for Endpoint, previously known as Microsoft Defender Advanced Threat Protection, is a unified platform for preventative protection, post-breach detection, automated investigation, and response. It provides advanced, real-time threat protection and post-breach detection using advanced machine learning algorithms, behavior-based detection, and big data analysis.

    Defender for Endpoint is available through the following Microsoft licenses:

    • Microsoft Defender for Endpoint P1/P2
    • Microsoft Business Premium
    • Microsoft 365 E3
    • Microsoft 365 E5

    Defender for Endpoint provides basic content filtering that can be a good fit for organizations not using another approach. It can block malicious websites as well as websites that must be blocked for legal and compliance reasons.

    How to Enable Content Filtering in Defender for Endpoint

    Content Filtering can be configured via the Microsoft 365 Defender Portal (https://security.microsoft.com/).

    Navigate to the Settings page

    Select Endpoints from the Settings menu.

    Navigate to the Web Content Filtering section.

    On the Web Content Filtering page, you can Add a New Policy, Delete a Policy, or edit an existing Policy.

    Add a new Policy, and give the policy a name.

    On the next screen, select the web categories you want to block.

    On the next screen, define the scope of the policy. Select the Machine Groups to apply the policy. By default, you’d have the UnassignedGroup available.

    On the next screen you’ll have a summary of the policy. Click Submit to create the policy.

    It will take about an hour for the policy to begin to apply to machines.

    Testing Policies

    About an hour after creating a policy, you can begin testing it. On a device the policy is applied to, open a browser and attempt to access a website in one of the blocked categories.

    Microsoft Edge shows a full-page block message (a red screen with white text).

    Google Chrome displays a more basic message with a 403 error.

    Windows Security Notifications will also show an alert if a website is blocked.

    Custom Allow/Block of Websites

    Defender for Endpoint allows you to explicitly block websites or explicitly allow websites that may be blocked in a category. The Custom Indicator overrides any category block.

    Creating a Custom Indicator

    1. Select Settings > Endpoints > Indicators (under Rules).
    2. Select the URLs/Domains tab.
    3. Click Add item.
    4. Specify the following details:
        • URL/Domain: Specify the URL or domain name you want to allow or block.
        • Enter a name for this rule in the Title.
        • Enter a description of the rule in the Description.
        • You can set an Expiration or leave it as Never.
        • Response Action: Select either Allow or Block. You can also select Warn or Audit for logging purposes.
        • Organization Scope: Select either All Devices in my Organization or Specific Machine Groups.

    Once you save, it will take about an hour to propagate to machines.
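
    The same indicator can be created through the Defender for Endpoint "Submit or Update Indicator" API instead of the portal. The following is an added example, not part of the original article: it builds and validates the request body from the fields of the portal form above. The function names build_indicator and submit_indicator are hypothetical, and the access token (from an app registration with the Ti.ReadWrite permission) is assumed to be obtained elsewhere.

```python
# Added example (not from the original article); function names are hypothetical.
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Endpoint of the Defender for Endpoint "Submit or Update Indicator" API.
API_URL = "https://api.securitycenter.microsoft.com/api/indicators"
# Portal "Response Action" -> API "action" value.
ACTIONS = {"Allow": "Allowed", "Block": "Block", "Warn": "Warn", "Audit": "Audit"}


def build_indicator(target, title, description, response_action,
                    expires_in_days=None, machine_groups=None, now=None):
    """Return the JSON body for one URL/domain indicator, mirroring the portal form."""
    if response_action not in ACTIONS:
        raise ValueError(f"unsupported response action: {response_action!r}")
    target = target.strip()
    parts = urlsplit(target if "//" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".")
    if "." not in host or " " in target:
        raise ValueError(f"not a URL or domain: {target!r}")
    # A bare host name is a domain indicator; anything with a path or query is a URL.
    is_url = parts.path not in ("", "/") or bool(parts.query)
    body = {
        "indicatorValue": target if is_url else host,
        "indicatorType": "Url" if is_url else "DomainName",
        "action": ACTIONS[response_action],
        "title": title,
        "description": description,
    }
    if expires_in_days is not None:   # omitted = "Never" in the portal
        now = now or datetime.now(timezone.utc)
        expiry = now + timedelta(days=expires_in_days)
        body["expirationTime"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ")
    if machine_groups:                # omitted = all devices in the organization
        body["rbacGroupNames"] = list(machine_groups)
    return body


def submit_indicator(body, access_token):
    """POST the indicator; the token needs the Ti.ReadWrite permission."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

    Rejecting a malformed target or an unsupported action before submission matters because an overly broad Allow indicator overrides every category block for that site.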

    Content Filtering Reporting

    The Microsoft 365 Defender Portal does not provide a lot of reporting on web activity, but it does provide some details to help with understanding Content Filtering activities.

    Select Reports > Web Protection (under Endpoints). You can view graph reports of Web Threats, Malicious URL blocking, and general Web Request details.

    Most of the graphs allow you to drill down into more details. These reports also allow you to export the details to Excel.

    Frequently Asked Questions

    Can you create custom categories?

    No, but you can override the Category action using a Custom Indicator for the URL.

    Can you warn instead of block?

    Not directly, but you can create a Custom Indicator that is set to Warn or Audit. The Custom Indicator will always override the Category block.
