Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Testing of web content filtering policy from M365 Defender

Brass Contributor

How to test web content filtering policy from M365 Defender as I am not able to see the option to target a specific group for testing purposes?

 

See below snap

 

VinodS2020_3-1702470510479.png

 

 

 

 

Also I am seeing below on the link here: 

 

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?vie...

 

VinodS2020_4-1702470533154.png

 

 

 

 

14 Replies
Adding to @VinodS2020: we have MDE plan 2 licensed assigned to users and devices on-boarded successfully but can not see any specific group just like above.

Also do we need to create MDE device groups to apply web content filtering policies?

Any help will be appreciated!
It can take couple of minutes if not hrs for the new groups to show up. Also, what permissions do you have in Defender? And yes, you should look at creating device groups for the purpose of assigning WCF, IoC at a granular level.

@rahuljindal-MVP 

 

I have Global admin rights on tenant but not able to do it from MS Defender portal. 

What are you seeing? You also need the MDE license.
I would also like to see Microsoft adding various test categories URLs to https://demo.wd.microsoft.com/ portal.
I worked with multiple SWG (Secure Web Gateway) URL filtering products before, and most of the vendors offer a list of "safe" test URLs pretending to be in certain categories.
It has been few years since URL filtering has been in GA but https://demo.wd.microsoft.com/ section for Web protections has not been updated

@rahuljindal-MVP 

 

We have EMS E5, Defender for business and MDO licenses assigned to each user in the tenant. So which one is the correct here? 

The administrator also needs an MDE license. I am assuming you have that as without that WCF will not be even visible. Is the group that you created visible under device groups?

@rahuljindal-MVP 

 

 

Can you clarify which MDE license is needed to an admin as not able to understand here? 

 

We have Microsoft Defender for Business assigned to all the admins including end users in the tenant. 

 

Link: https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-overview?view=o365-wo... 

That should be good enough. Can you respond to my other questions from the previous post?

@rahuljindal-MVP 

 

I am seeing the above snap while creating the policy and there is no option to select the scoped group of All devices group for us as admin. 

Which snapshot are you referring to? If it is what is shared in the original post then that is not what I am referring to. I am asking about the actual device groups that you are trying to assign the policy to. Can you provide a screenshot of the device group itself?

@rahuljindal-MVP 

 

We have not created it yet in Defender portal. Can you tell us where we need to create it and add the devices to it? 

@VinodS2020 

 

Hello,
I have recreated the environment in the dev environment. Finally, WCF is working as expected. Please find the summarization below:

1. Users and Admin must have appropriate MDE licenses. (MDE 2 in my case)
2. Device group must be created with role assignment. (create an Entra ID security group and then create a role under settings> endpoint> permissions> roles. Post that create the group and apply changes) 
3. Cloud and network protection must be enabled on end-user devices.
4. WCF must be enabled from settings> endpoint> advanced features (security.microsoft.com)
5. Re-create the WCF policy, this time your device group will be visible for assignment.

Please let me know if you have any questions.

Thanks

MoMCT