Over the last two years, the world has dramatically changed both in our daily lives and how companies conduct business. In the pre-pandemic world, eroding network boundaries and the maturity of SaaS applications precipitated endpoint-first design. The pandemic and post-pandemic era demand it, the world is embracing hybrid workplaces and zero trust postures.
When we first launched Network Protection for Windows and built powerful Web Protection and Microsoft Defender for Cloud Apps (MDA) capabilities on top of it, we knew our vision to bring you our proxy-less endpoint first architecture would remain incomplete until we delivered for macOS and Linux. That day has arrived, and we could not be more excited to share that Network and Web Protection for macOS is now Generally Available and in Public Preview for Linux!
Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
It is the foundation on which our Web Protection for Microsoft Defender for Endpoint is built. These capabilities include Web threat protection, Web content filtering, and IP/URL Custom indicators. Web protection enables you to secure your devices against web threats and helps to regulate unwanted content.
Network protection also integrates Microsoft Defender for Endpoint with Defender for Cloud Apps natively. Currently, the integration for macOS and Linux only supports endpoint enforcement capabilities.
How to evaluate Network Protection and the features it enables:
For Network Protection for macOS to be active on your devices, Network Protection must be enabled by your organization. We suggest deploying the audit or block mode policy to a small set of devices and verify there are no issues or broken workstreams before gradually deploying to a larger set of devices.
Prerequisites & Requirements
Once the prerequisites have been met, follow installation and configuration instructions in Use network protection to help prevent macOS connections to bad sites | Microsoft Docs
Here is how the experience looks on macOS:
Prerequisites & Requirements
Once the prerequisites have been met, follow installation and configuration instructions in Use network protection to help prevent Linux connections to bad sites | Microsoft Docs
How do I verify my Mac/Linux device is configured properly?
On Linux the connection will be disallowed as shown below. There will be no accompanying toast message in Linux:
Alternatively, you can also test this from the Terminal by running the following command and noticing that the connection is blocked by the Network Protection:
curl https://smartscreentestratings2.net
How do I explore the features?
Note: Discovery and other features are currently not supported on macOS and Linux platforms.
On device experience
When an end user attempts to access monitored domains on macOS/Linux, their navigation effort will be audited/blocked (depending on Network Protection policy). On macOS, the user will also be informed by Microsoft Defender for Endpoint via toast.
macOS
The user will get a plain block experience accompanied by the following toast message which will be displayed by the operating system including the name of the blocked application or website (e.g Blogger.com)
No block pages are shown in third-party browsers, and the user sees a "Secure Connection Failed' page along with a toast notification. Depending on the policy responsible for the block, a user will see a different message in the toast notification. For example, web content filtering will display the message 'This content is blocked'.
We are looking forward to hearing your feedback and answering any questions you may have!
Reference Documents
Microsoft Defender for Endpoint on Mac documentation - Microsoft Defender for Endpoint on Mac | Microsoft Docs
Microsoft Defender for Endpoint on Linux documentation - Microsoft Defender for Endpoint on Linux | Microsoft Docs
About Microsoft Defender for Endpoint Network Protection - Use network protection to help prevent connections to bad sites | Microsoft Docs
About Microsoft Defender for Endpoint Network Protection on Linux - Use network protection to help prevent Linux connections to bad sites | Microsoft Docs
About Microsoft Defender for Endpoint Network Protection on macOS - Use network protection to help prevent macOS connections to bad sites | Microsoft Docs
Enable Network Protection - Turn on network protection | Microsoft Docs
Web Protection - Web protection | Microsoft Docs
Custom Indicators - Create indicators | Microsoft Docs
Web Content Filtering (WCF) - Web content filtering | Microsoft Docs
Microsoft Defender for Cloud Apps - Integrate Microsoft Defender for Endpoint with Cloud App Security | Microsoft Docs
Edge Browser Setup - https://www.microsoft.com/en-us/edge/features
Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense in a single unified platform. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.
Microsoft Defender for Endpoint team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.