Forum Discussion
Indicator allow/block list not working over Web Content Filtering
Hi all,
We have Web Content Filtering to block selected categories. WCF is working well as intended that browsing the selected categories is blocked on both Edge and Chrome browsers.
We also have a list of domains/URLs in Indicators to allow browsing some sites that are categorically blocked by WCF. However, users are still blocked from browsing those domains/URLs.
For example:
We select streaming media to block in WCF. Users are blocked from browsing Youtube and Vimeo sites on both Edge and Chrome browsers.
We then added the following domains/URLs in the Indicators with 'Allow' action.
- youtube.com
- https://www.vimeo.com
- https://vimeo.com
(the reason we used different formats is to determine what works in case we were not using the correct format.)
However, users are still blocked from browsing the sites.
I understand it can take up to 2 hours before indicators work. It's been days/weeks since they were added in.
To make sure the sites were not blocked by something else other than WCF, we also removed High Bandwidth category (that includes Streaming Media) from WCF selection. Within 15 minutes the users can browse both Youtube and Vimeo. When the category is re-selected, users are blocked from those sites within 15 minutes. So I believe we can confidently say the behaviour is not caused by some other control than WCF.
We also have a URL with 'Block' settings in the Indicator where the URL is not categorically blocked by WCF. Users can browse the website any issues.
So, it seems the entire Indicator URLs/Domains has no effect on the devices.
WCF is applied to a group of selected devices. Indicators are set to apply to all devices in the organization.
Thanks,
- It ended up being such an obvious one. Sharing it here in case anyone struggle to get it working for the same reason.
Go to Microsoft 365 Defender Admin Portal > Settings > Endpoints > Advanced Features.
Enable "Custom Network Indicators".
13 Replies
- It ended up being such an obvious one. Sharing it here in case anyone struggle to get it working for the same reason.
Go to Microsoft 365 Defender Admin Portal > Settings > Endpoints > Advanced Features.
Enable "Custom Network Indicators".Thank you so much IsaacPark
- Thank you for this!!! I don't know if i missed reading about it in the articles for setting up webfiltering or if it's just missing but i've been banging my head for a week with this.
Jakob_312 Thanks for sharing. I, too, went over many MS articles on setting up indicators but did not find a single article that mentioned that there is a setting under Advanced Features that you need to turn on. It's either never mentioned or very hard to find. I am glad to hear this helped.
that needs to be enabled for sure when you want to allow/block custom URLs , IP addresses , etc .... i though that you already enabled that in your initial configuration. thanks for sharing. Dont forget to enable network protection in block mode for better security towards malicious sites
- we run over this discussion last week , check below discussion it might help you with your issue
https://techcommunity.microsoft.com/t5/microsoft-365-defender/microsoft-defender-for-endpoint-web-filtering-problem/m-p/3935249#M1532elieelkarkafi Thanks for your feedback. However, it appears the discussion you mentioned is about WCF not working on 3rd party browsers due to lack of support on SSL inspection. In our case, WCF works well with both Edge and Chrome browsers. Our issue is the list of URLs/Domain in the indicators to override WCF settings are not being followed by the end devices on either Edge or Chrome browsers.
Thanks,
IsaacPark did you had the chance to check web protection reports to see the streaming web categories and how the URL format that is being blocked?
