Blocking URLs and Websites on Managed macOS Devices with Intune (Help Needed!)

Copper Contributor

I'm looking for some guidance on controlling website access for my managed macOS devices using Microsoft Intune. I need to block access to specific URLs and websites, but I'm encountering some challenges.

 

My goals:

 

Block specific URLs: I have a list of URLs that I need to prevent users from accessing on their devices, regardless of the website they're visiting only for macos devices.
Block specific websites: Additionally, there are a few entire websites I need to block access to completely.
Ideally, maintain some flexibility: While I want to enforce these restrictions, it would be helpful if there was a way to whitelist certain domains or URLs for specific users or groups if needed.
What I've tried:

Device restrictions: I've explored the macOS device restrictions settings in Intune, but there doesn't seem to be a built-in option for URL blocking.
Custom settings: I tried creating a custom configuration profile with settings for the "Web Content Filter" or "Microsoft Defender Network Protection," but I'm unsure how to configure them effectively for my specific needs.
Questions for the community:

 

1.What's the most effective way to achieve my goals using Intune?
2.Are there any specific settings or configuration profiles I should use?
3.How can I ensure the blocking rules are applied consistently across all macOS versions?
4.Is there a good way to implement whitelisting without compromising the overall restrictions?
5.Any insights, suggestions, or best practices would be greatly appreciated! I'm open to different approaches and eager to learn how to manage website access with Intune effectively?

 

 

Thank you

 

Akhil

 

1 Reply

Hi @Garre_Akhil5603,

here are some my answers based on your questions:

  1. Most effective way:
    The most effective way to achieve your goals using Intune would be to leverage the features of Microsoft Defender’s Network Protection and Web Content Filtering. These features can help you block specific URLs and websites.

  2. Specific settings or configuration profiles:
    For blocking specific URLs, you can use the “Web Content Filtering” feature in Microsoft Defender. For blocking specific websites, you can use the “Custom Indicators of Compromise” feature in Microsoft Defender.

  3. Consistency across macOS versions:
    To ensure that your blocking rules are applied consistently across all macOS versions, you can use the device compliance settings in Intune. These settings allow you to set a minimum or maximum OS version, set password rules, and more.

  4. Implementing whitelisting:
    You can use the Tenant Allow/Block List feature in Microsoft 365. This feature allows admins to create and manage entries for URLs. You can create allow entries for URLs that you want to whitelist.

  5. Best practices:
    Start with a small set of devices to test your configurations. Evaluate the impact of your policies and verify there are no issues or broken workflows. Gradually deploy your configurations to a larger set of devices until completely rolled out.

For additional information you can take a look at these references:
Use network protection to help prevent macOS connections to bad sites | Microsoft Learn
Web content filtering | Microsoft Learn
macOS device compliance settings in Microsoft Intune | Microsoft Learn
Allow or block URLs using the Tenant Allow/Block List | Microsoft Learn
macOS device settings in Microsoft Intune | Microsoft Learn


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)