This guide shows an administrator how to enforce a URL ban that prevents devices enrolled in Microsoft Defender for Endpoint (MDE) from accessing the domain.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Device Security
Domain: Endpoint Indicator Management
Modifies: Unsanctioned URLs/Domains
Defender for Endpoint URL/Domain IOC Block
- Navigate to the URL/Domains page in the Microsoft Defender portal and select Add Item.
- In the URL/Domain input box, specify the address. Click Next.
- For the response action, select Block Execution. If an alert should be generated when the rule is triggered, check Generate Alert and fill in the Alert Title and Alert Severity. At the bottom of the page, fill in the Description so that anyone reviewing the rule at a later date has context for why it exists. Click Next.
- Click Save on the next page after reviewing the IOC. Actions should take effect in less than 4 hours.
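The same indicator can be created through the Defender for Endpoint indicators API, which helps when blocks need to be scripted or peer-reviewed before they are applied. The following is an added example, not part of the original procedure: the helper names and the sample domain are constructed, the mapping of the portal's Block Execution to the API action "Block" is an assumption of this example, and acquiring an OAuth token with the Ti.ReadWrite permission is assumed to happen elsewhere.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

# Microsoft Defender for Endpoint indicators API endpoint.
API = "https://api.securitycenter.microsoft.com/api/indicators"
SEVERITIES = ("Informational", "Low", "Medium", "High")

def build_indicator(address, title, description, severity="Medium", generate_alert=True):
    """Build the request body for a URL/domain block indicator (hypothetical helper)."""
    address = address.strip()
    if not title.strip() or not description.strip():
        raise ValueError("title and description are required; record why the block exists")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {SEVERITIES}")
    has_scheme = "://" in address
    parts = urlsplit(address if has_scheme else "//" + address)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, so it can be a URL/domain indicator
    else:
        raise ValueError("IP addresses belong under the IpAddress indicator type")
    if "." not in host or any(c.isspace() for c in host):
        raise ValueError(f"not a valid host name: {address!r}")
    # A scheme or a path makes it a Url indicator; a bare host is a DomainName.
    is_url = has_scheme or parts.path not in ("", "/")
    return {
        "indicatorValue": address if is_url else host,
        "indicatorType": "Url" if is_url else "DomainName",
        "action": "Block",             # assumed equivalent of Block Execution
        "title": title,                # portal field: Alert Title
        "description": description,    # context for later review
        "severity": severity,          # portal field: Alert Severity
        "generateAlert": generate_alert,
    }

def submit_indicator(body, token):
    """POST the indicator; token is a bearer token obtained elsewhere (assumption)."""
    req = urllib.request.Request(
        API, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed sample values; prints the body without sending it.
    print(json.dumps(build_indicator("blocked.example.com", "Unsanctioned domain",
                                     "Constructed sample: blocked per security review."), indent=2))
```

Printing the body before calling submit_indicator gives a reviewable record of exactly what will be blocked and why.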
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.