Microsoft Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Microsoft Defender

      Defender Web Filter URL/Domain Block

      This guide will show an administrator how to block a URL from being accessed by MDE enrolled devices.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Defender Web Filter URL Block

      1. Navigate to the URL/Domains – Microsoft Defender portal, locate and select the Add Item action.
      2. A pop-up will be generated enter the desired URL/Domain of the website that should be blacklisted. You will also need to provide basic information associated with the entry such a Title and Description, with the intent of giving future context if the rule is to be reviewed later. From this page you will either keep the default block time frame of Never or specify a Custom time frame. Select Next to continue.
      3. For the response action, select Block Execution. Select Next to continue.
      4. If an alert should be generated when executed, check Generate Alert and fill in the desired Severity, Category, and the Recommended actions for handling alerts tied to this indicator. Select Next to continue.
      5. The default for the organizational scope is set to all MDE joined devices, select Next to continue.
      6. A final screen will appear; click Save. The site should be inaccessible within 30 minutes from the blacklisting activity.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.