Security – You can now configure web content filtering to block access to specific web categories

This was something missing from Microsoft's security and device management offerings since the move to cloud services: there was no integrated solution to manage web content filtering (you could still buy third-party solutions).

Well, good news: you can now manage web content filtering directly from your Office 365 subscription.

I think this is a first step as you can only manage access by using categories; you cannot use a defined list of URLs to block or allow.

There are a few prerequisites you need to meet before you can use it:

  • Network filtering (Defender network protection) must be enabled (not in audit mode), as well as Defender SmartScreen. You can enable it by using PowerShell, Intune/Endpoint Configuration Manager or GPO
    • PowerShell

Set-MpPreference -EnableNetworkProtection Enabled

    • Intune/Endpoint Configuration Manager

Create an Endpoint Protection configuration profile (not the Endpoint Security profile)


  • Your subscription includes one of the following:
    • Windows 10 Enterprise E5
    • Microsoft 365 E5
    • Microsoft 365 E5 Security
    • Microsoft 365 E3 + Microsoft 365 E5 Security add-on
    • Microsoft Defender for Endpoint standalone
  • Windows 10 1607 or later
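
To confirm the device-side prerequisites on an endpoint before scoping a policy to it, a check along these lines can be run locally. This is an added example, not code from the original post or from Microsoft; `Test-WcfPrerequisite` is a hypothetical helper name, and it does not check licensing or SmartScreen.

```powershell
# Added example: audits the local prerequisites listed above.
# Test-WcfPrerequisite is a hypothetical helper name, not a Microsoft cmdlet.
function Test-WcfPrerequisite {
    [CmdletBinding()]
    param()

    # Get-MpPreference reports EnableNetworkProtection as
    # 0 (disabled), 1 (enabled, i.e. block mode) or 2 (audit mode).
    $modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    try {
        $raw = [int](Get-MpPreference -ErrorAction Stop).EnableNetworkProtection
    }
    catch {
        # Defender cmdlets unavailable or the service is not running.
        $raw = -1
    }

    if ($modeNames.ContainsKey($raw)) { $mode = $modeNames[$raw] }
    else { $mode = 'Unknown' }

    # Windows 10 1607 corresponds to build 14393.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    $npOk = ($raw -eq 1)          # audit mode (2) does not satisfy the prerequisite
    $osOk = ($build -ge 14393)

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        NetworkProtection   = $mode
        NetworkProtectionOk = $npOk
        OsBuild             = $build
        OsBuildOk           = $osOk
        Ready               = ($npOk -and $osOk)
    }
}

Test-WcfPrerequisite | Format-List
```

A device reporting `AuditMode` only logs the events; it needs `Set-MpPreference -EnableNetworkProtection Enabled` (or the equivalent profile setting) before the prerequisite is met.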

Then connect to your Microsoft 365 Defender portal (https://security.microsoft.com/) and open the Settings\Endpoints\Web Content Filtering blade.


There you can create a new web content filtering policy. When creating the policy, you select either a full category or part of it to block access to websites identified as belonging to that category.


Then you select the scope; by default you may have no computer group(s) – see

Once done, web content filtering starts working almost immediately (provided the configuration profile has been successfully applied).

When a user tries to access a website identified as part of the category or categories you have selected, they are blocked and shown a block page.


You can enable web content filtering without blocking any website yet; this lets you first get reports on the websites being accessed by your end users.

To access the reports, open the Reports\Web protection blade.


From there you get a dashboard giving you a high-level view of activity; for each item, clicking the Details button gives you the complete report, which you can then export.


It is possible that a legitimate website has been incorrectly identified and added to one of the categories you are blocking.

If this is the case, you can ‘dispute’ the categorization from the Endpoint\Search blade.


Select the URL option for the search and enter the domain whose categorization you want to dispute. In the result (if the domain has already been identified), you can hit Dispute category.