Forum Discussion
Blocking domain for group of users/or devices
Hi all,
I am trying to find a way to block youtube for a group of users. We are using M365 E5 Security so can use Defender for endpoint or Defender for cloud apps. However, cant find a way to implement this.
- My idea was to create an INDICATOR in Endpoint that will be blocked, however I cannot select any group and "all devices" are included there in default. So not sure if this is a way. Neither Web Content Filtering cannot be used for my scenario
- Another idea was to use Defender for cloud apps. This looks promising but I am not sure how to target only specific users or devices? I managed to mark an app as "unsanctioned" but it applies for all devices.
Any idea ?
Thank you.
2 Replies
- Lucifier0786Copper Contributor
You can create a Device Group in Defender for Endpoint to target specific devices for blocking YouTube.
Here’s how you can do it:
Go to Microsoft 365 Defender → Settings → Endpoints → Permissions → Device Groups.
Create a new device group based on tags or other criteria (like OS, domain, etc.).
Assign a tag (e.g., BlockYouTube) to the target devices under Manage Tags in the Devices section.
Go to Settings → Indicators → URLs/Domains → Add youtube.com as a blocked domain.
Select the device group you created as the target.
Alternatively, if you want to block YouTube for specific users rather than devices, you can set up a Conditional Access App Control policy in Defender for Cloud Apps:
Create a Conditional Access policy in Entra Admin Center targeting specific users.
In Defender for Cloud Apps, create a Session Policy to block YouTube for those users.
If you want to block access based on specific users, a Conditional Access policy + MCAS session control would be better.
If you want to block access based on specific devices, using Device Groups in Defender for Endpoint would be more effective.
- ArtSofM365Copper Contributor
you can do that easily with GSA and you control the ‘who’ by Conditional Access
you can also do that by MCAS and/or indicators of compromise (url) - basically Smart Screen - but that is extremely cumbersome, you have to select devices (and that weird concept that device can only belong to single device group) and not users, and slow to apply - minutes to hours, sometimes applies inconsistently - thats your second option