Edge SmartScreen SmartScreenAllowListDomains with ATP enabled?


So we ran into a SmartScreen block in Edge. It has been corrected by MS (magic), but still trying to figure out how to set exclusions if we really need it.

First attempt was to use the SmartScreenAllowListDomains policy for Edge. This did not work, as our devices are enrolled in ATP. The article specifically states "Also note that this policy does not apply if your organization has enabled Microsoft Defender Advanced Threat Protection. You must configure your allow and block lists in Microsoft Defender Security Center instead."

I did confirm this by offboarding a test device and configuring the Edge policy, which allowed sites in the MS demo page.

Where in the Security Center can you configure these allow domain lists? Indicators seems the most likely, but that uses Defender Network Protection (our custom feed is off), which doesn't quite seem right but plausible.

Another post seemed to suggest a method of using trusted sites and disabling SmartScreen for the zone, but none of that is in the Security Center, so thinking there has to be an official ATP way?

Thanks

1 Reply

@dandirk I would go with setting up Indicators in MDATP Security Center and allow that particular domain.

Recently I too faced a similar situation and setting up the indicator in MDATP worked for me.