
sumo83
Iron Contributor
Jan 15, 2025

Blocking domain for group of users/or devices

Hi all,

I am trying to find a way to block YouTube for a group of users. We are using M365 E5 Security, so we can use Defender for Endpoint or Defender for Cloud Apps. However, I can't find a way to implement this.

  • My idea was to create an INDICATOR in Endpoint that will be blocked; however, I cannot select any group, and "all devices" are included there by default. So I am not sure if this is a way. Web Content Filtering cannot be used for my scenario either.
  • Another idea was to use Defender for Cloud Apps. This looks promising, but I am not sure how to target only specific users or devices. I managed to mark an app as "unsanctioned", but it applies to all devices.

Any ideas?

Thank you.

2 Replies

  • Lucifier0786
    Copper Contributor

    You can create a Device Group in Defender for Endpoint to target specific devices for blocking YouTube.

    Here’s how you can do it:

    Go to Microsoft 365 Defender → Settings → Endpoints → Permissions → Device Groups.

    Create a new device group based on tags or other criteria (like OS, domain, etc.).

    Assign a tag (e.g., BlockYouTube) to the target devices under Manage Tags in the Devices section.

    Go to Settings → Indicators → URLs/Domains → Add youtube.com as a blocked domain.

    Select the device group you created as the target.

    Alternatively, if you want to block YouTube for specific users rather than devices, you can set up a Conditional Access App Control policy in Defender for Cloud Apps:

    Create a Conditional Access policy in Entra Admin Center targeting specific users.

    In Defender for Cloud Apps, create a Session Policy to block YouTube for those users.

    If you want to block access based on specific users, a Conditional Access policy + MCAS session control would be better.

    If you want to block access based on specific devices, using Device Groups in Defender for Endpoint would be more effective.
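
The device-scoped indicator described in the reply above can also be submitted through the Defender for Endpoint indicators API. The following is an added example, not part of the original reply: it builds the request body with `rbacGroupNames` set and refuses to create an indicator that would fall back to all devices. The device group name `BlockYouTube-Devices` and the helper function names are hypothetical.

```python
import json
import urllib.request

# Defender for Endpoint "Submit or Update Indicator" endpoint.
INDICATORS_URL = "https://api.securitycenter.microsoft.com/api/indicators"


def build_domain_block(domain, device_groups, title):
    """Return the JSON body for a Block indicator scoped to device groups."""
    domain = domain.strip().lower().rstrip(".")
    if "/" in domain or ":" in domain or " " in domain or "." not in domain:
        raise ValueError(f"expected a bare domain name, got {domain!r}")
    groups = [g.strip() for g in device_groups if g and g.strip()]
    if not groups:
        # Without rbacGroupNames the indicator applies to every device,
        # which is the behaviour the original question wants to avoid.
        raise ValueError("refusing to create an unscoped (all devices) indicator")
    return {
        "indicatorValue": domain,
        "indicatorType": "DomainName",
        "action": "Block",
        "title": title,
        "description": f"Block {domain} for device groups: {', '.join(groups)}",
        "severity": "Informational",
        "generateAlert": False,
        "rbacGroupNames": groups,
    }


def submit_indicator(body, access_token):
    """POST the indicator; the token needs Ti.ReadWrite or Ti.ReadWrite.All."""
    req = urllib.request.Request(
        INDICATORS_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: "BlockYouTube-Devices" is a hypothetical device group.
    body = build_domain_block("YouTube.com", ["BlockYouTube-Devices"], "Block YouTube")
    print(json.dumps(body, indent=2))  # review before calling submit_indicator()
```

After submitting, check the indicator's scope under Settings → Indicators → URLs/Domains to confirm it lists only the intended device group.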



  • ArtSofM365
    Copper Contributor

    You can do that easily with GSA, and you control the ‘who’ by Conditional Access.

    You can also do that by MCAS and/or indicators of compromise (URL) - basically SmartScreen - but that is extremely cumbersome: you have to select devices (and that weird concept that a device can only belong to a single device group) and not users, and it is slow to apply - minutes to hours - and sometimes applies inconsistently. That's your second option.
