Web threat protection is part of Web protection in Defender for Endpoint. It uses network protection to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your custom indicator list.
Note
It can take up to an hour for devices to receive new custom indicators.
Prerequisites
Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers.
To turn on network protection on your devices:
- Edit the Defender for Endpoint security baseline under Web & Network Protection to enable network protection before deploying or redeploying it. Learn about reviewing and assigning the Defender for Endpoint security baseline
- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. Read more about enabling network protection
Note
If you set network protection to Audit only, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only.
Configure web threat protection
The following procedure describes how to configure web threat protection using the Microsoft Endpoint Manager admin center.
- Go to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com), and sign in.
- Choose Endpoint security > Attack surface reduction, and then choose + Create policy.
- Select a platform, such as Windows 10 and later, select the Web protection profile, and then choose Create.
- On the Basics tab, specify a name and description, and then choose Next.
- On the Configuration settings tab, expand Web Protection, specify your settings, and then choose Next.
- Set Enable network protection to Enabled so web protection is turned on. Alternately, you can set network protection to Audit mode to see how it will work in your environment. In audit mode, network protection does not prevent users from visiting sites or domains, but it does track detections as events.
- To protect users from potential phishing scams and malicious software, turn Require SmartScreen for Microsoft Edge Legacy to Yes.
- To prevent users from bypassing warnings about potentially malicious sites, set Block malicious site access to Yes.
- To prevent users from bypassing the warnings and downloading unverified files, set Block unverified file download tl Yes.
- On the Scope tags tab, if your organization is using scope tags, choose + Select scope tags, and then choose Next. (If you are not using scope tags, choose Next.) To learn more about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.
- On the Assignments tab, specify the users and devices to receive the web protection policy, and then choose Next.
- On the Review + create tab, review your policy settings, and then choose Create.