Web Content Filtering and Protection with Microsoft Defender for Endpoint
When I was a technology executive in the days before Microsoft 365 and Defender for Endpoint, November and December always used to give me pause. Hectic end-of-year work schedules and vacations both drive people to use their employer’s devices for personal use: shopping, traveling, or (yikes!) sometimes entertaining the kids. The endpoint-based firewalls and filtering software that were around back then were usually dependent on being connected to the network and not very effective (or user friendly), so oftentimes there was no reasonable protection available.
Back to the present…the weather has turned cooler. The holiday season (phishing season?) is a mere few weeks away. With that in mind and Black Friday just around the corner, I wanted to call out two security features included in Microsoft 365 that are often overlooked but can help improve endpoint security posture substantially with only a little effort, especially this time of year.
Web Content Filtering and Protection
The Web Content Filtering and Web Protection features of Defender for Endpoint are included in M365 E3. To my surprise, though, many organizations that I work with do not have them configured. More often, their focus is on network-based web filtering products like proxy applications or perimeter security appliances. While those are great ways to filter out the nasties from the internet, what happens when employees take their laptops home and are no longer protected by those location-specific solutions?
The advent of remote and hybrid work makes this an even more pressing issue. Most organizations have zero control or influence over their employees’ home networks, and much of the SaaS software out there is designed to work with a split-tunneled VPN, so web traffic never traverses the corporate network anyway.
Certainly, continue to use secure DNS providers and network-based protection in the office, but still deploy this host-based protection at the workstation level. The categorization of websites across different filtering products is often largely the same, so having parallel protection in place is easy to achieve. And, just like the on-premises solutions, making exceptions for certain sites or false positive detections in Web Content Filtering is easy and takes effect quickly. Both Web Content Filtering and Web Protection also support multiple policies, so tailored controls can be applied to different groups, people, or devices.
How to Configure Web Content Filtering
Since no one wants a security call over the holidays, let us walk through the configuration. In practice, this takes about 5 minutes, tops. As always, run this in audit mode or on a test group for a while to make sure the changes are not disruptive.
Let us start with Web Content Filtering and block the desired categories. This is configured through https://security.microsoft.com:
Go to the Endpoints menu under Settings and turn on Web Content Filtering:
Add, and then name your policy:
Select the content categories you would like to block and the machine groups to apply the policy to:
And create the policy. That’s it!
Now, let us configure malicious site blocking with Web Protection. This is accessed through https://intune.microsoft.com.
Go to the Attack Surface Reduction page:
Create and name a new profile as shown in the following screenshots:
Enable network protection, SmartScreen, and other options as shown:
And assign the profile to the appropriate people and devices:
Finish creating the profile:
Done! It will take a few hours for the settings to go into effect. Reporting is available for both features in their respective management portals so you can see the activity triggering the blocking, as well as collect metrics and further information. This telemetry will be reported back by Defender for Endpoint regardless of user location.
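To confirm on a test device that the Web Protection profile has arrived, and to see what audit mode would have blocked, a check like the following can be run locally. It is an added example, not part of the original post; the seven-day review window is an assumed value.

```powershell
# Added example: run in an elevated PowerShell session on a test endpoint.
# Documented values of EnableNetworkProtection: 0 = off, 1 = block, 2 = audit.
$modes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit' }

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Network protection relies on Defender Antivirus real-time and
# cloud-delivered protection, so report those alongside the mode.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    NetworkProtection  = $modes[[int]$pref.EnableNetworkProtection]
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    CloudProtection    = ([int]$pref.MAPSReporting -ne 0)
} | Format-List

# Defender operational log: 1125 = network protection audit hit,
# 1126 = network protection block.
$lookbackDays = 7   # assumed review window
$meaning = @{ 1125 = 'Would have blocked (audit)'; 1126 = 'Blocked' }

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126
    StartTime = (Get-Date).AddDays(-$lookbackDays)
} -ErrorAction SilentlyContinue   # no matching events raises an error

if (-not $events) {
    "No network protection events in the last $lookbackDays days."
} else {
    # Totals per event type
    $events | Group-Object Id | ForEach-Object {
        [pscustomobject]@{
            EventId = [int]$_.Name
            Meaning = $meaning[[int]$_.Name]
            Count   = $_.Count
        }
    } | Format-Table -AutoSize

    # Ten most recent hits, first line of each message only
    $events | Select-Object -First 10 TimeCreated, Id,
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -Wrap
}
```

A device that reports Audit and logs 1125 events for sites people legitimately need is the signal to add exceptions before the profile is switched to block.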
As you probably noticed when you were creating the policies, there are many other features and functions related to endpoint protection. I encourage you to explore those and see what else the platform can do to provide even more protection.
My colleagues and I help customers get the most value out of their existing licensed features all the time. Let us know if you would like to dig a little deeper into what is possible, or other areas in which we set our clients up for success.