Enhanced visibility into web threats with Microsoft Defender ATP
Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) has rapidly evolved with new protection, detection, and investigation capabilities. But customers continue to ask about web protection with questions like “How can we manage web threats?” and “How can Microsoft Defender ATP help us protect web browsing activities?”
In response to these inquiries, we are today giving customers more visibility into web threats affecting their network through the new web protection report which complements existing alerts for web threats, machine timeline events, and detailed domain/URL profiles. Existing Microsoft Defender ATP customers are now able to experience this enhanced visibility in Microsoft Defender Security Center.
Web protection leverages existing network protection capabilities to secure your devices against web threats without relying on a web proxy, providing security for devices that are either outside the network or on premises. It integrates with Microsoft Edge as well as popular third-party browsers (such as Chrome, Firefox, etc.), to stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that are blocked in your custom indicator list.
Web protection provides both security administrators and security operations:
- Comprehensive visibility of web browsing activity at an organizational level
- Investigation capabilities of web-related threat activity through alerts and comprehensive profiles of URLs and machines that access these URLs
- A set of security features that let you to track general access trends to blocked websites
Monitor web browsing security
To help you monitor web browsing security, web protection delivers detection statistics on two interactive cards under Reports > Web protection in the Microsoft Defender Security Center:
- Web threat protection detections over time—this trending card displays the number of web threats blocked by type over the selected time period (Last 30 days, Last 3 months, Last 6 months).
- Web threat protection summary—this card displays total blocks in the past 30 days, showing distribution across the different types of web threats. Clicking a slice opens the list of the domains of the URLs that were blocked.
Respond to web threats with alerts
Web protection empowers security operations by allowing them to efficiently investigate and respond to web threat detections surfaced as Microsoft Defender ATP alerts. Each alert provides the following information:
- The machine that attempted to access the unwanted URL
- The app or program that sent the web request
- The unwanted URL, whether it is malicious or set as blocked in your custom indicator list
- Recommended actions for this type of detections
For information about web threat protection in Microsoft Defender ATP, see web protection documentation.