Forum Discussion
Microsoft Defender for Endpoint Web Filtering Problem
- Sep 16, 2023
RobertCrane Hi Robert,
Thanks so much for your response, but in the documentation I see that web content filtering supports other browsers https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide
with network protection in block mode. In fact, a few months later this option works without problem, and in the ticket MS confirms that web content filtering must work.
Many thanks
Regards
Guido
- RobertCrane (MVP), Sep 16, 2023
Deleted per the documentation
Known issues and limitations
Network protection does not currently support SSL inspection, which might result in some sites being allowed by web content filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this might block their access to other services associated with the same website.
- Deleted, Sep 16, 2023
Thanks Roberto for your support,
Yes, also with custom indicators I have the same problem. When I have a response from the Microsoft ticket I will post it in this section.
Many thanks
Regards
Guido
- Deleted, Sep 22, 2023
Hi all, I resolved this issue with Microsoft Support; now I share the solution in this thread for all.
These two regkeys:
https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationdisablehttpparsing
https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationdisablednsovertcpparsing
are set to 1 (Enable) even though in the MDE configuration they are set to Disable. Support says that is a bug, so I set them to "Not Configured" in the MDE policy and created an OMA-URI policy to force these two regkeys to 0 (Disable), and in this way indicators and web categories are correctly blocked 🙂
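
Added example, not part of the thread or of Microsoft's documentation: a PowerShell check to run elevated on an affected endpoint. It reads the effective values of the two settings from the fix above and the network protection mode through `Get-MpPreference`. The OMA-URI strings are the full paths of the two Defender CSP nodes linked in the post; the state labels and the exit code convention are choices made for this example.

```powershell
# Added example (not from the thread). Run elevated on the affected endpoint.
# Confirms that the two Defender CSP settings named in the thread are
# effectively 0 (parsing enabled) and that network protection is in block mode.

# Defender CSP nodes to target with a custom OMA-URI policy (Integer, value 0).
$omaUri = [ordered]@{
    DisableHttpParsing       = './Device/Vendor/MSFT/Defender/Configuration/DisableHttpParsing'
    DisableDnsOverTcpParsing = './Device/Vendor/MSFT/Defender/Configuration/DisableDnsOverTcpParsing'
}

$pref = Get-MpPreference -ErrorAction Stop

$report = foreach ($name in $omaUri.Keys) {
    $value = $pref.$name
    $state = if ($null -eq $value) {
        'NotReported'        # property absent on this Defender platform version
    } elseif ([bool]$value) {
        'ParsingDisabled'    # 1: network protection does not parse this traffic
    } else {
        'ParsingEnabled'     # 0: the value the fix in the thread forces
    }
    [pscustomobject]@{
        Setting = $name
        Value   = $value
        State   = $state
        OmaUri  = $omaUri[$name]
    }
}

# EnableNetworkProtection: 0 = disabled, 1 = block, 2 = audit.
$npMode = switch ($pref.EnableNetworkProtection) {
    1       { 'Block' }
    2       { 'Audit' }
    default { 'Disabled' }
}

$report | Format-Table -AutoSize
"Network protection mode: $npMode"

# Exit code 1 signals drift so the check can be used in a scheduled task.
$drift = @($report | Where-Object State -ne 'ParsingEnabled')
if ($drift.Count -gt 0 -or $npMode -ne 'Block') {
    Write-Warning 'Indicators and web content filtering may not be enforced on this device.'
    exit 1
}
```

Running it before and after the OMA-URI policy syncs shows whether the device actually picked up the value 0 rather than what the portal policy displays.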