Forum Discussion

formolim89
Copper Contributor
Dec 21, 2021

Web Content Filtering and SmartScreen

Hi Guys,

We are running a co-management environment - our devices are onboarded in the Microsoft 365 Defender portal and I have configured policies for web content filtering and pushed them to a few users.

I also deployed "Enable Network Protection" via Endpoint Manager.

I have followed all the steps mentioned in Web content filtering | Microsoft Docs and also did some research to confirm my settings, and all seems to be identical to what others have configured.

After enabling web content filtering I am still able to access websites that are configured as restricted in the policy I created in the Defender portal.

I turned on debug mode of SmartScreen and it tells me "onAllowedZoneCheck". I am not sure how to get web content filtering working. Any ideas would be much appreciated.

Cheers,

  • Jonhed
    Steel Contributor
    Are your users using onboarded devices, and are these devices also part of a device group which the web content filtering policy is scoped to?

    Which type of policy are you using to enable network protection?
    The exploit guard policy listed here?
    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide#microsoft-endpoint-manager

    Does the PowerShell command below return a "1" on said devices?
    Get-MpPreference | Select "EnableNetworkProtection"

    Are real-time protection and cloud-based protection enabled, and can devices access the URLs as listed in the document below?
    https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
    • formolim89
      Copper Contributor

      Hi Jonhed,

      Correct, the users using onboarded devices are part of the device group which the content filtering policy is scoped to.

      I am using a Microsoft Defender Antivirus policy.

      I also tried an Endpoint Protection policy.

      I did confirm network protection is enabled.

      Real-time and cloud protection are both enabled and I am not able to access the test URL mentioned in the article. I got a "connection blocked" notification.

      And still I am able to access websites that fall under the category that I have blocked in the Microsoft 365 Defender portal web content policy. It is strange...

      • Jonhed
        Steel Contributor

        Does indeed look like it should work...

        Have you checked if MDAV is running in active mode, and if it is running the latest platform versions?

        (Can be seen with the "Get-MpComputerStatus" PowerShell command)

        The pic you pasted shows SmartScreen for apps and files being configured, but have you also activated SmartScreen in Edge?

        Can you access the sites in both Edge and 3rd party browsers such as Chrome?
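
The device-side checks asked about in the replies above (network protection state, real-time and cloud protection, MDAV running mode and versions), gathered into one script. This is an added example, not code from either poster or from Microsoft's documentation; the helper names `Test-WcfPrerequisite` and `New-Row` and the pass criteria are assumptions, with `1` taken as the expected network protection value as in the first reply.

```powershell
# Added example: gathers the Defender checks suggested in this thread.
# Test-WcfPrerequisite / New-Row are hypothetical helper names, not Microsoft cmdlets.
function Test-WcfPrerequisite {
    [CmdletBinding()]
    param()

    function New-Row($Check, $Value, $Passed) {
        [pscustomobject]@{ Check = $Check; Value = $Value; Passed = $Passed }
    }

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit only
    $npText = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit only' }
    $np     = [int]$pref.EnableNetworkProtection
    New-Row 'Network protection' ($npText[$np]) ($np -eq 1)

    # Real-time protection must be on for network protection to act.
    $rtp = [bool]$status.RealTimeProtectionEnabled
    New-Row 'Real-time protection' $rtp $rtp

    # MAPSReporting: 0 = cloud-delivered protection off, 1 = basic, 2 = advanced
    $maps = [int]$pref.MAPSReporting
    New-Row 'Cloud protection (MAPSReporting)' $maps ($maps -ne 0)

    # AMRunningMode is 'Normal' when Defender Antivirus is the active AV;
    # passive or EDR block mode means another product is primary.
    $mode = $status.AMRunningMode
    New-Row 'MDAV running mode' $mode ($mode -eq 'Normal')

    # Versions are reported only: "latest" cannot be decided offline, so
    # Passed stays empty and the values are compared by hand.
    New-Row 'Platform version'   $status.AMProductVersion              $null
    New-Row 'Engine version'     $status.AMEngineVersion               $null
    New-Row 'Signatures updated' $status.AntivirusSignatureLastUpdated $null
}

# Run on an affected device and read the table top to bottom.
Test-WcfPrerequisite | Format-Table -AutoSize
```

A row with `Passed` set to `False` points at the setting to revisit in the Endpoint Manager policy; the SmartScreen-in-Edge question from the last reply is not covered by these cmdlets and still has to be checked separately.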
