Are Defender Device Groups the only way to target Web Content Filter policies?

We are moving from Cisco Umbrella to Microsoft Defender's Web Content Filtering. We fully understand that they are not a 1 to 1 match. We have accounted for the differences with one exception. We have an Entra group of PCs where we need to block additional Web Content Categories. I suspect they will later require additional custom indicators to be blocked. And, if this is successful, I can see additional groups of PCs needing their own content filter settings.

 

I could be wrong; however, my understanding of Defender Device Groups is that they configure many other aspects of a PC, including RBAC within Defender. If true, attempting to keep those configurations in sync (especially when we are not aware of what all they might be) could be difficult. With my limited understanding of them, they feel like overkill for assigning additional filters to a subset of otherwise identical PCs.

 

Are Defender Device Groups the only way to target Web Content policies?

 

If it matters any, we are Autopilot enrolling PCs to be Entra Joined and Intune managed. Bye-bye on-prem AD, Configuration Manager, old-skool drivers, and someday... old-skool apps.

3 Replies
Yes, currently Defender security only supports device-based groups, and I don’t see this changing in the near future.

@Nathan Hartley Currently, web content filtering can target device groups in MDE only. There is a new capability in Entra within the SSE solution, but not yet available to customers, that may be targeting security groups of devices or users.
