Microsoft Tech Community
An update on Web Content Filtering
Published Jul 06 2020 09:49 AM 31.9K Views
Microsoft

When we announced the public preview of web content filtering as part of Microsoft Defender Advanced Threat Protection (ATP), we set out to deliver to customers a feature that empowered security admins to create acceptable web usage policies across their organizations. Security teams were enabled to author policies to track and regulate access to websites based on specified content categories, and also get visibility into blocks and web usage through the Microsoft Defender Security Center.

 

During the public preview, we received positive feedback on the simplicity of the feature due to the ease of creating and deploying policies at scale, without the need for additional agents or hardware. However, one critical piece of feedback we received was that this feature was too expensive to implement, since it required an additional partner license.

 

We have heard your feedback and are excited to share that going forward, web content filtering will be offered as part of Microsoft Defender ATP without any additional partner licensing. Now you get the benefits of web content filtering without the need for additional agents, hardware, and costs.

 

If you joined in on the public preview, you might be in one of the following scenarios:

  • If your 60-day trial for the partner license has already expired, all your policies are now active and protecting your enterprise.  
  • If you have an active 60-day trial for a partner license, all your policies will continue to work even after 60 days.  

You can un-register any partner integration that you have previously signed up for in the Azure portal: 

  • Go to Azure Active Directory > App Registrations 
  • Search for the name you have registered the partner app (Cyren 
  • Select the partner application and delete it. 

 

For the time being, this feature continues to be in public preview. Those customers that have preview features turned on can start trying out web content filtering in Microsoft Defender ATP today. If you haven’t yet opted in, we encourage you to turn on preview features in the Microsoft Defender Security Center.

 

Want your organization to track and regulate access to websites based on certain categories? Learn about turning on web content filtering in our documentation.

 

If you’re not yet taking advantage of Microsoft’s industry-leading security optics and detection capabilities for endpoints, sign up for a free trial of Microsoft Defender ATP today.

 

Let us know your thoughts and feedback in the comments below.  

 

34 Comments
Copper Contributor

Hi, does this have file type blocking by category, would really need this to switch from different vendors who have this capability? Thanks

Iron Contributor

Hi, How is the whitelisting working? Can I monitor or allow blocked websites?

MVP

martin warrey

Hi, does this have file type blocking by category, would really need this to switch from different vendors who have this capability? Thanks


@martin warrey 

 

This is web content filtering - do you mean block downloads by file type?

 


Mike808
Hi, How is the whitelisting working? Can I monitor or allow blocked websites?

@Mike808 

 

You can use indicators to add URLs, domains, and IPs to a block or allow list which will "win" against web content filtering.  The indicators can then show in the alerts queue and you can get web content filtering reports in their own report page.

This is Great News!

Copper Contributor

@Ruairidh Campbell 

Hi, yes with other vendors you can block file types by URL category, e.g. .exe allowed from "Professional Services" but not from "Hacker" categories

Copper Contributor

Can I add custom URLs to be blocked, which are not in any filter category?

MVP

Hi, yes with other vendors you can block file types by URL category, e.g. .exe allowed from "Professional Services" but not from "Hacker" categories 


This is a great idea.  @KrupaT is there an MDATP UserVoice?  A quick ̶G̶o̶o̶g̶l̶e̶ Bing doesn't return anything specific, only O365 and MEM.

 


Eric Romelingh

Can I add custom URLs to be blocked, which are not in any filter category?


@Eric Romelingh  Yes you can do this using 'indicators', which I have a blog about here: https://campbell.scot/microsoft-defender-atp-web-content-filtering-administration-limitations-and-us... 

Brass Contributor

Firstly this is a great feature to see now included in E5 without the need for another licence. 

 

Would there be a cost to ingest Web Content Access and Filtering Logs into Sentinel? 

Also for me to move from other Vendors this would have to extend to clients other than just Windows 10 with an E5 licence. I appreciate this is in preview, are there plans to address this?

Brass Contributor

Hi, when blocked by SmartScreen (Edge), is it possible to change the support URL on the SmartScreen big red screen to an internal IT support page?

Brass Contributor

@Christo De Lange  It is possible to buy 'Microsoft Defender ATP Standalone' licenses now via CSP, so the full E5 is no longer required, you can add in separately to an M365 E3 for instance. Microsoft are not making this very well known though.

Copper Contributor

Also looking for, when blocked by SmartScreen (Edge), is it possible to change the support URL on the SmartScreen big red screen to a customized page 

Copper Contributor

Hi, Is there a way to test websites to see what category they fall into?

Brass Contributor

@Patrick2090  : Someone more authoritative should be able to chime in, but as the previous preview was built around Cyren's third-party product, it's a good guess that Cyren are still providing the categorization engine for Microsoft Defender ATP.  In which case you might be able to use the Cyren URL Category Check web page to confirm what category a URL is classed under.

MVP

@Steve Burkett @Patrick2090 Hi Steve, you're correct.  It's still Cyren in the back-end :-). 

Copper Contributor

Quick silly question about testing preview features:

If I enable preview features, none of the individual preview features are turned on unless I flip other switches, correct?

 

Copper Contributor

Is there any upcoming improvement or new feature to the web filtering?

 

I noticed that there are missing categories in MDATP compared to the Cyren website. For example, restaurant and dining, arts, tasteless, ads & popups.

 

Thank you

Copper Contributor

When a site is blocked, what does the end user see?

MVP

@AgetroNairb 

 

Hey, they'll see some variation of this if it's a first party browser:

 

[Image: 11-1.png]

Copper Contributor

I hope there is a feature to customize the webpage coming up soon, so the end user will be able to know that the organization is blocking. Also the end user can reach out to the IT Department. 

Brass Contributor

Excellent addition to the product. Are there any plans on making exclusions available? Consider I would like to block a category but allow a specific site on my clients. I guess the proposed answer would be to manually add an indicator with allow for the URL/domain?

MVP

@Simon Håkansson Are there any plans on making exclusions available? Consider I would like to block a category but allow a specific site on my clients. I guess the proposed answer would be to manually add an indicator with allow for the URL/domain?

This is exactly what I'd do :)


 

Brass Contributor

@Ru Thanks, I did and it worked like a charm. :cool:

Brass Contributor

Are you able to achieve this on a mobile device with Android? Even though we enabled Web Protection as mentioned in this https://campbell.scot/microsoft-defender-atp-web-content-filtering-administration-limitations-and-us... we still cannot see the effect! Does it require Microsoft Edge browsers only?

Copper Contributor

hey, any insight into when this comes out of preview and becomes generally available?

Copper Contributor

I've been following the project and am eager to roll it out at my organization.  We haven't heard much about the intended launch date, does anyone have an idea as to when the full launch is due?

Brass Contributor

@LCBoss @ivansestak Latest info I've seen: Web content filtering with Microsoft Defender ATP now in public preview - Page 2 - Microsoft Tech Co...

According to user @neilcarden MS Support has stated:
"Although we were initially targeting CYE 2020, we've decided to push this to Q1 CY21. This will give the team time to resolve some of the ongoing issues with the service and ensure stability before GA.

 

We recently completed the transition from Cyren to NetStar on 12/7. This was a staged rollout, and all Web Content Filtering users are now receiving NetStar categorization."

Iron Contributor

@KrupaT Can you please advise if there are test URLs in each category so that Web Content Filtering functionality can be tested during the new PC build process? Am I right in assuming we should use this DB in case we want to match the link to a category - https://incompass.netstar-inc.com/urlsearch?

Thanks!

Iron Contributor

It would be nice to add test URLs to https://demo.wd.microsoft.com/

Copper Contributor

Web protection in Microsoft Defender for Endpoint is a capability made up of Web threat protection and Web content filtering.

 

The description for "Microsoft Defender for Endpoint on iOS" is:

Microsoft Defender for Endpoint on iOS will offer protection against phishing and unsafe network connections from websites, emails, and apps.

 

Question: Is web content filtering working on iOS and Android now, or is this a coming feature?

Copper Contributor

Web filtering through Microsoft Defender for Endpoint was due to go GA in May this year according to the roadmap. Is this still the case?

Copper Contributor

Any update on this? We keep an eye on the roadmap and build it into our service schedule, so it would be helpful to know whether the date for web content filtering going GA is still applicable? Thanks.

 

[Image: lukewilcock_0-1622196014905.png]

 

Copper Contributor

Removed duplicate post.

Copper Contributor

The ability to report an inaccuracy is failing, saying try again later. This has been going on steadily for the last week. Outside of putting in exceptions, is there another way to use this? Both the user end (red webpage) and the Microsoft Defender portal now report this error:

 

 

The operation could not be completed. Please try again later. Microsoft has been made aware of this issue.

 

Will this be fixed in the near future? Before it comes out of preview?

Thanks.

Copper Contributor

Still no sign of web filtering going GA. The roadmap keeps getting amended, pushing the feature into the following month. Any clues Microsoft? Is this a viable product or do I need to start considering alternatives?

Last update: May 12 2022 04:12 PM