How to Whitelist a Website or domain in Microsoft 365 Defender

by

Web content filtering is a part of web protection capabilities in Microsoft defender for Endpoint and Microsoft Defender for business. Web content filtering can be used to track and manage the access to websites based on various content categories.

The policies can be applied to either all devices or group of devices. It’s also available on all the major web browsers as well. Blocking a website if performed by Windows Defender SmartScreen for Microsoft Edge Browser and Network Protection is used for other third party browsers e.g. Google Chrome.

License Requirements

There are below License requirements for using Web content filtering:

SubscriptionYour subscription must include one of the following:
– Windows 10/11 Enterprise E5
– Microsoft 365 E5
– Microsoft 365 A5
– Microsoft 365 E5 Security
– Microsoft 365 E3
– Microsoft Defender for Endpoint Plan 1 or Plan 2
– Microsoft Defender for Business
– Microsoft 365 Business Premium
OSWindows 10 (1607) or later
Windows 11

Enable Web Content Filtering

Before you can whitelist a URL or domain, you will need to Enable Web Content Filtering from Microsoft 365 defender portal. You can login on this portal as a Security Administrator or Global Administrator role and follow below steps to Enable Web Content Filtering.

After you login on the Microsoft 365 Defender portal:

  • Scroll to the end of the page to find Settings on the left hand side.
  • From the Settings page, Click on Endpoints.
  • Under General, Select Advanced features.
  • Find Web Content Filtering and toggle the switch to ON.
Enable Web content filtering on Microsoft 365 defender portal
Enable Web content filtering on Microsoft 365 defender portal

Steps to Whitelist a URL or domain from Microsoft 365 Defender

If you want to block the whole category of websites for example Social Networking or High Bandwidth Sites. You can create a Policy from Settings -> Endpoints -> Web Content Filtering and then Click on + Add Item to create a Policy.

However, if you just want to whitelist a single URL or a domain then you can follow below steps to whitelist a website or domain in office 365 / Microsoft 365.

  • Login on Microsoft 365 defender portal
  • Go to Settings and then click on Endpoints
  • On the Left hand side find Indicators
  • Find URLs/Domains from the list of Indicators
  • Click on + Add item to add a URL or Domain
Add a URL or domain to whitelist using Microsoft Defender portal
Add a URL or domain to whitelist using Microsoft Defender portal

After clicking on Add Item you will see a flyout to fill in the information about the website which you want to whitelist. You can either provide a URL of the website or you can provide a domain name. You can set the Expiry date for this rule as well.

Add a URL or domain in the textbox URL/Domain
Add a URL or domain in the textbox URL/Domain

From the Action tab, Select Allow to whitelist this website. Provide a Title and Description of this rule. There are other options as well like Audit, Warn and Block execution. If you would want to block the website access then select Block execution. If you want to allow a website with a warning message and also for few hours then use Warn option.

Select Response action as Allow. Provide a Title and description.
Select Response action as Allow. Provide a Title and description.

You can apply this rule to either All devices in my organization or Selected devices. Before you select “Select from List”. Make sure to create a device group first before you can select it from the drop down. To create a device group, you can Go to Settings > Endpoints > Permissions > Device groups.

You can create a device group for specific devices or select "All devices in my organization"
You can create a device group for specific devices or select “All devices in my organization”

Summary page just shows the summary of the form we completed to whitelist the website. Verify if this information is correct and click on Save.

Check and Summary and proceed to create this policy
Check and Summary and proceed to create this policy

End user Experience

When a user will try to connect to a website which has been blocked by Microsoft 365 Defender admin using Microsoft 365 Defender admin portal. Users will receive below error messages based on the web browser in use.

For Microsoft Edge, it will show a red background with “The content is blocked” message. and when using Google chrome browser, you will get “Site can’t provide a secure connection” error message. Screenshot for both the error message is shown below.

When using Microsoft Edge web browser

When a user tries to access a blocked website using Edge browser, below error page is shown:

This content is blocked

For your protection, your organization is not allowing you to access the resource or content hosted by gmail.com. To learn more about why you’re seeing this message or to get in touch with your administrator, visit the support page.

Content is blocked message when using Microsoft Edge browser
Content is blocked message when using Microsoft Edge browser

When using Microsoft Edge web browser

When users try to access a blocked website using Google chrome, they will get below error message.

This site can’t provide a secure connection. Gmail.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Site can’t provide a secure connection – Google chrome browser

Conclusion

In this blog post, we have see how to allow or block a certain URL or domain from Microsoft 365 defender portal. You can first test the change on few devices by creating a device group and extend to include more devices. If you have fully tested this change on test devices then you can change the assignment to “All devices in my organization“.

READ NEXT