SOLVED

Indicator allow/block list not working over Web Content Filtering


Hi all,

 

We have Web Content Filtering to block selected categories.  WCF is working well as intended, in that browsing the selected categories is blocked on both Edge and Chrome browsers.

 

We also have a list of domains/URLs in Indicators to allow browsing some sites that are categorically blocked by WCF.  However, users are still blocked from browsing those domains/URLs.

 

For example:

We select streaming media to block in WCF.  Users are blocked from browsing YouTube and Vimeo sites on both Edge and Chrome browsers.

We then added the following domains/URLs in the Indicators with 'Allow' action.

(the reason we used different formats is to determine what works in case we were not using the correct format.)

 

However, users are still blocked from browsing the sites.

I understand it can take up to 2 hours before indicators work.  It's been days/weeks since they were added in.

 

To make sure the sites were not blocked by something else other than WCF, we also removed High Bandwidth category (that includes Streaming Media) from WCF selection.  Within 15 minutes the users can browse both YouTube and Vimeo.  When the category is re-selected, users are blocked from those sites within 15 minutes.  So I believe we can confidently say the behaviour is not caused by some other control than WCF.

 

We also have a URL with 'Block' settings in the Indicator where the URL is not categorically blocked by WCF.  Users can browse the website without any issues.

 

So, it seems the entire Indicator URLs/Domains has no effect on the devices.

 

WCF is applied to a group of selected devices.  Indicators are set to apply to all devices in the organization. 

 

Thanks,

 

 

12 Replies
We ran over this discussion last week. Check the discussion below; it might help you with your issue.

https://techcommunity.microsoft.com/t5/microsoft-365-defender/microsoft-defender-for-endpoint-web-fi...

@eliekarkafy Thanks for your feedback.  However, it appears the discussion you mentioned is about WCF not working on 3rd party browsers due to lack of support on SSL inspection.  In our case, WCF works well with both Edge and Chrome browsers.  Our issue is the list of URLs/Domain in the indicators to override WCF settings are not being followed by the end devices on either Edge or Chrome browsers.

Thanks,

@IsaacPark did you have the chance to check the web protection reports to see the streaming web categories and the URL format that is being blocked?


@eliekarkafy , yes I can see them in the report.


Did you try to create multiple custom indicators to cover multiple formats for YouTube? For example, ind1: youtube.com, ind2: www.youtube.com, ind3: https://www.youtube.com/, etc.? Adding custom indicators will allow you to override the blocked category.

@eliekarkafy, yes, but with a slightly different approach.  I made one domain without https:// and another with http:// so we can narrow down what format works quicker.

 


It's not there any more but we also tried with http:// prefix.  It did not make any difference.

 

Thanks,

@IsaacPark that's weird, with that in place you should be able to override the blocked category. I suggest you open a ticket with the Microsoft security team so they can check your tenant in the backend.  

We have multiple tenants showing the same problem. We even created a brand new tenant and clean setup the WCF and Indicator for testing (to eliminate the possible interference by other existing policies), same thing is happening. So, we thought it could be a global issue or at least across APAC region, hence the post to tech community to see if anyone else is also experiencing it.

Full disclaimer, this is the first time we are using the indicator. Never needed to until now. So, it may just be a silly mistake of missing a tick box somewhere we didn't know we had to enable/disable to get the indicator working. I have gone over Microsoft documentation over and over on WCF and Indicators but could not find anything I missed. (Another reason for posting to tech community, to get feedback from the experienced users to advise on tips Microsoft Docs may have overlooked.)

Much appreciate your continued interest and suggestions. If it's not too much trouble can you check if the URLs/Domain based indicators are working in your tenant?

Yes, I logged a support call with Microsoft. Over the screen share session, the MS support confirmed all configurations are correct and it 'should' work. Asked me to blow away all indicators and recreate them (and wait a few hours for it to kick in). This did not make any changes. As a next step, they asked for Process Steps Recorder showing WCF & Indicator settings, then record browsing the allowed sites to show they are still being blocked. So it's pretty much repeating what I already showed them over screen share, but in recorded format. Hopefully they will come back with some good suggestions to try next.

Cheers,
best response confirmed by IsaacPark (Copper Contributor)
Solution
It ended up being such an obvious one. Sharing it here in case anyone struggles to get it working for the same reason.
Go to Microsoft 365 Defender Admin Portal > Settings > Endpoints > Advanced Features.
Enable "Custom Network Indicators".

That needs to be enabled for sure when you want to allow/block custom URLs, IP addresses, etc. I thought that you had already enabled that in your initial configuration. Thanks for sharing. Don't forget to enable network protection in block mode for better security against malicious sites.

Thank you for this!!! I don't know if I missed reading about it in the articles for setting up web filtering or if it's just missing, but I've been banging my head for a week with this.

@Jakob_312 Thanks for sharing.  I, too, went over many MS articles on setting up indicators but did not find a single article that mentioned that there is a setting under Advanced Features that you need to turn on.  It's either never mentioned or very hard to find.  I am glad to hear this helped.
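
A device-side companion to the thread's fix, added here as an example and not posted by any participant: it checks on one endpoint whether network protection is in block mode (as recommended in a reply above) along with the Defender Antivirus settings it depends on. It uses the built-in `Get-MpPreference` and `Get-MpComputerStatus` cmdlets; the function name is hypothetical, and it does not read the tenant-level "Custom Network Indicators" toggle, which still has to be verified in the portal.

```powershell
# Added example: run in an elevated PowerShell session on the endpoint.
# Test-NetworkProtectionReadiness is a hypothetical helper name.
function Test-NetworkProtectionReadiness {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block mode), 2 = Audit mode
    $npMode = switch ([int]$pref.EnableNetworkProtection) {
        1       { 'Block' }
        2       { 'Audit' }
        default { 'Disabled' }
    }

    # Each entry: check name -> @(passed, observed value)
    $checks = [ordered]@{
        'Network protection in block mode'  = @(($npMode -eq 'Block'), $npMode)
        'Real-time protection enabled'      = @([bool]$status.RealTimeProtectionEnabled,
                                                $status.RealTimeProtectionEnabled)
        # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced
        'Cloud-delivered protection on'     = @(([int]$pref.MAPSReporting -ne 0),
                                                $pref.MAPSReporting)
        # AMRunningMode is 'Normal' when Defender Antivirus is the active AV
        'Defender Antivirus in active mode' = @(($status.AMRunningMode -eq 'Normal'),
                                                $status.AMRunningMode)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check    = $name
            Passed   = $checks[$name][0]
            Observed = $checks[$name][1]
        }
    }
}

Test-NetworkProtectionReadiness | Format-Table -AutoSize
```

If every row passes and URL/domain indicators are still ignored, the cause is more likely on the tenant side, such as the Advanced Features setting described in the solution.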