Forum Discussion
Web Filtering / Monitoring for Android Devices
Hello all,
Does Intune offer a solution to filter and monitor web access on Android devices?
Basically block them from accessing naughty sites.
These are Corporate fully managed/KIOSK devices etc with MS edge loaded.
Don't want to go down the white/allowed list route if possible as they used for multiple scenarios.
I am looking at the MS Defender app but unsure if It can do the job and how to set it up.
We have a solution for our Windows devices but isn't compatible with Android.
Any help or suggestions welcome.
UpNorthIntune Unfortunately it states in the Configure Defender for Endpoint on Android features learn documentation, that web content filtering is currently not supported on mobile platforms such as IOS or Android.
With that being said, the other remaining options I see are using Defender for Endpoint Indicators, An Always-On VPN if your organization has a VPN solution, setting a global proxy server which can be set in a Android Device Restrictions profile, or an app configuration policy for a managed Edge browser.
I just tested the Defender for Endpoint Indicators on a mobile device and it worked great. When I tried to visit the URL, the browser just displayed "Could not connect". This method seems to support multiple browsers if not all from my testing. The Defender for Endpoint VPN needs to be turned on. This method also supports uploading a CSV file with the sites you want to block and supports up to 15,000 sites.
The app configuration policy also supports a allow list or block list. It does not support both at the same time however and allows importing and exporting CSV files. The downside to this method is it only works for Edge so you would also have to set another policy where the user can only use Edge browser.
You can find great block lists on the internet and they're frequently kept up to date. These are currently the best methods I could find for Android. The only other possibility I thought of was using private DNS. Android supports that but I couldn't find a way to set that using Intune. You would have to manually configure it on each device. It would be great if Microsoft natively supported Web Content Filtering for mobile devices.
Thank you,
Charlton
- CharltonBuchananCopper Contributor
UpNorthIntune Unfortunately it states in the Configure Defender for Endpoint on Android features learn documentation, that web content filtering is currently not supported on mobile platforms such as IOS or Android.
With that being said, the other remaining options I see are using Defender for Endpoint Indicators, An Always-On VPN if your organization has a VPN solution, setting a global proxy server which can be set in a Android Device Restrictions profile, or an app configuration policy for a managed Edge browser.
I just tested the Defender for Endpoint Indicators on a mobile device and it worked great. When I tried to visit the URL, the browser just displayed "Could not connect". This method seems to support multiple browsers if not all from my testing. The Defender for Endpoint VPN needs to be turned on. This method also supports uploading a CSV file with the sites you want to block and supports up to 15,000 sites.
The app configuration policy also supports a allow list or block list. It does not support both at the same time however and allows importing and exporting CSV files. The downside to this method is it only works for Edge so you would also have to set another policy where the user can only use Edge browser.
You can find great block lists on the internet and they're frequently kept up to date. These are currently the best methods I could find for Android. The only other possibility I thought of was using private DNS. Android supports that but I couldn't find a way to set that using Intune. You would have to manually configure it on each device. It would be great if Microsoft natively supported Web Content Filtering for mobile devices.
Thank you,
Charlton
- UpNorthIntuneIron ContributorHi Charlton,
Many thanks for the in depth reply, really appreciated.
I have passed your suggestion up the food chain to see if the solution will work for us.
Will update asap.
Thanks again.