Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
SOLVED

Microsoft Defender for Endpoint Web Filtering Problem

Brass Contributor

HI All, i have a strange issue with Microsoft Defender for Endpoint, network protection is in block mode, i add custom indicator, and web page is blocked by Microsoft Edge but not in other Browser Like Chrome, Opera or Firefox, in the past websites ar correctly blocked, there are other person with this issue ?

Many Thanks,

Regards,

Guido

7 Replies
it's a known issue and we are waiting for any updates from MS, content filtering is working with Edge but not with chrome and Firefox.
Hi,
Thanks, i have just open a case in Microsoft, they give a lot of test but problem to customer persist.
At this point i waiting a solution from Microsoft Side
Many Thanks
Regards
Guido
If you read the MS docs you will find that it is unable to filter HTTPS traffic on third party browsers. The only real options to all such filtering is block third party browsers and only use Edge.

@Robert Crane hi Robert,

Thanks so mouch for your respons, but in the documentation i See that web content filtering support other browser https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?vie...

with network protection in block mode, infact a few months later this option works without problem, in the ticket Ms confirm that webcontentfiltering must work,

Many Thanks 

regards

guido

best response confirmed by gaudium91 (Brass Contributor)
Solution

@gaudium91 per the documentation 

 

Known issues and limitations

Network protection does not currently support SSL inspection, which might result in some sites being allowed by web content filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this might block their access to other services associated with the same website.

Thanks Roberto for your support,
Yes also with custom indicators i have the same probelm, when i have a response from a Microsoft Ticket i post in this section
Many Thanks
Regards
Guido
Hi All, i resolved this issue with Microsoft Support, now i share solution in this 3d for all.
This two regkey:
https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationdisablehtt...
https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#configurationdisabledns...
Are set to 1 (Enable) nevertheless in MDE configuration is set to Disable, support says that is a bug, so i set to "Not Configured" in MDE policy and i create OMA-URI Policy to force this two regkey to 0 (Disable) and in this way Indicators and web category are correctly Blocked :)

1 best response

Accepted Solutions
best response confirmed by gaudium91 (Brass Contributor)
Solution

@gaudium91 per the documentation 

 

Known issues and limitations

Network protection does not currently support SSL inspection, which might result in some sites being allowed by web content filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this might block their access to other services associated with the same website.

View solution in original post