Web content filtering (Microsoft)

0
(0)

 Tip

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Web content filtering is part of the Web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.

Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that’s not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you’ll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they’re viewing is making calls to a blocked resource.

Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera). For more information about browser support, see the prerequisites section.

Benefits of web content filtering

  • Users are prevented from accessing websites in blocked categories, whether they’re browsing on-premises or away.
  • Your security team can conveniently deploy policies to groups of users using device groups defined in Microsoft Defender for Endpoint role-based access control settings.
  • Your security team can access web reports in the same central location, with visibility over actual blocks and web usage.

Prerequisites

Before trying out this feature, make sure you meet the following requirements:

  • Your subscription includes one of the following: Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on, or the Microsoft Defender for Endpoint standalone license.
  • You have access to Microsoft 365 Defender portal.
  • Your organization’s devices are running Windows 10 Anniversary Update (version 1607) or later, or Windows 11 with the latest antivirus/antimalware updates.
  • Windows Defender SmartScreen and Network Protection are enabled on your organization’s devices.

Data handling

Data is stored in the region that was selected as part of your Microsoft Defender for Endpoint data handling settings. Your data will not leave the data center in that region. In addition, your data will not be shared with any third parties, including our data providers.

Turn on web content filtering

From the left-hand navigation in Microsoft 365 Defender portal, select Settings > Endpoints > General > Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On and Save preferences.

Configure web content filtering policies

Web content filtering policies specify which site categories are blocked on which device groups. To manage the policies, go to Settings > Endpoints > Web content filtering (under Rules).

Policies can be deployed to block any of the following parent or child categories:

Adult content
High bandwidth
Legal liability
Leisure
Uncategorized

Create a policy

To add a new policy, follow these steps:

  1. In the Microsoft 365 Defender portal, choose Settings > Web content filtering > + Add policy.
  2. Specify a name.
  3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories.
  4. Specify the policy scope. Select the device groups to specify where to apply the policy. Only devices in the selected device groups will be prevented from accessing websites in the selected categories.
  5. Review the summary and save the policy. The policy refresh might take up to 2 hours to apply to your selected devices.

 Note

  • You can deploy a policy without selecting any category on a device group. This action will create an audit only policy to help you understand user behavior before creating a block policy.
  • If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment.
  • Blocking the “Uncategorized” category may lead to unexpected and undesired results.

End-user experience

The blocking experience for third-party supported browsers is provided by Network Protection, which provides a system-level message notifying the user of a blocked connection. For a more user-friendly, in-browser experience, consider using Microsoft Edge.

Allow specific websites

It’s possible to override the blocked category in web content filtering to allow a single site by creating a custom indicator policy. The custom indicator policy will supersede the web content filtering policy when it’s applied to the device group in question.

To define a custom indicator, follow these steps:

  1. In the Microsoft 365 Defender portal, go to Settings > Endpoints > Indicators > URL/Domain > Add Item.
  2. Enter the domain of the site.
  3. Set the policy action to Allow.

Dispute categories

If you encounter a domain that has been incorrectly categorized, you can dispute the category directly from the portal.

To dispute the category of a domain, navigate to Reports > Web protection > Web Content Filtering Details > Domains. On the domains tab of the Web Content Filtering reports, you will see an ellipsis beside each of the domains. Hover over this ellipsis and select Dispute Category.

A panel will open where you can select the priority and add more details such as the suggested category for recategorization. Once you complete the form, select Submit. Our team will review the request within one business day. For immediate unblocking, create a custom allow indicator.

URL category lookup

To determine the category of a website, you can use the URL search function available on the Microsoft 365 Defender portal (https://security.microsoft.com) under Endpoints > Search. In the URL search results, the web content filtering category appears under URL/Domain details. Administrators can also dispute the category of the domain directly from this page, as shown in the following image. If the category result is not shown, the URL is not currently assigned to an existing web content filtering category.

Image of web content filtering category lookup results.

Web content filtering cards and details

Select Reports > Web protection to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering.

Web activity by category

This card lists the parent web content categories with the largest increase or decrease in the number of access attempts. Understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. Select a category name to view more information.

In the first 30 days of using this feature, your organization might not have enough data to display this information.

Image of web activity by category card.

Web content filtering summary card

This card displays the distribution of blocked access attempts across the different parent web content categories. Select one of the colored bars to view more information about a specific parent web category.

Image of web content filtering summary card.

Web activity summary card

This card displays the total number of requests for web content in all URLs.

Image of web activity summary card.

View card details

You can access the Report details for each card by selecting a table row or colored bar from the chart in the card. The report details page for each card contains extensive statistical data about web content categories, website domains, and device groups.

Image of web protection report details.

  • Web categories: Lists the web content categories that have had access attempts in your organization. Select a specific category to open a summary flyout.
  • Domains: Lists the web domains that have been accessed or blocked in your organization. Select a specific domain to view detailed information about that domain.
  • Device groups: Lists all the device groups that have generated web activity in your organization

Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item.

Known issues and limitations

Only Microsoft Edge is supported if your device’s OS configuration is Server (cmd > Systeminfo > OS Configuration). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported third-party browsers.

Network Protection does not currently support SSL inspection, which may result in some sites being allowed by Web Content Filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this may block their access to other services associated with the same website.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 7 times, 1 visits today)
Tagged: