Block all internet traffic except some sites

Yes, you can partially achieve this with Microsoft Defender for Endpoint (through the security.microsoft.com portal), but it’s not designed as a full outbound web filtering solution on its own.

The recommended approach is to use Microsoft Defender for Endpoint Web Content Filtering, combined with Network Protection:

Web Content Filtering: Allows you to control which websites can be accessed based on categories. You can block all categories except the ones you specifically allow (for example, categories covering Office 365, security updates, internal sites).

Network Protection: Blocks outbound connections to known malicious domains and can help restrict traffic that doesn’t match your allow rules.

Defender for Endpoint web filtering relies on Microsoft Defender SmartScreen and may not offer strict “only allow specific sites” functionality like a firewall.

For strict “allow only these URLs, block everything else” scenarios, it’s best to implement this at the firewall level or with a proxy solution.

Let me know if you’d like help with a technical implementation guide for either option.

Best Regards,

Ali Koc