Whitelist a Website or Domain in Microsoft 365 Defender

Web content filtering is a part of the web protection capabilities of Microsoft Defender for Endpoint and Microsoft Defender for Business. Web content filtering can be used to track and manage access to websites based on various content categories.

The policies can be applied to all devices or groups of devices. They’re also available on all the major web browsers. Windows Defender SmartScreen blocks a website for Microsoft Edge Browser, and Network Protection is used for other third-party browsers, e.g., Google Chrome.

License Requirements

The following are the license requirements for using web content filtering:

SubscriptionYour subscription must include one of the following:
– Windows 10/11 Enterprise E5
– Microsoft 365 E5
– Microsoft 365 A5
– Microsoft 365 E5 Security
– Microsoft 365 E3
– Microsoft Defender for Endpoint Plan 1 or Plan 2
– Microsoft Defender for Business
– Microsoft 365 Business Premium
OSWindows 10 (1607) or later
Windows 11

Step 1 – Enable Web Content Filtering

Before you can whitelist a URL or domain, you need to enable Web Content Filtering from the Microsoft 365 Defender portal. To do this, log in to the defender portal with Security or Global Administrator role and follow these steps.

  • Scroll to the end of the page to find Settings on the left-hand side.
  • From the Settings > Endpoints > General > Advanced features.
  • Find Web Content Filtering and toggle the switch to ON.
Enable Web content filtering on Microsoft 365 defender portal
Enable Web content filtering on Microsoft 365 Defender portal

Step 2 – Whitelist a URL or Domain on Microsoft 365 Defender

To block an entire category of websites, such as Social Networking or High Bandwidth Sites, you can create a policy by going to Settings > Endpoints > Web Content Filtering and clicking on Add Item to create a policy.

If you want to whitelist a specific URL or domain in Microsoft 365, follow these steps:

  • Sign in to the Microsoft 365 Defender portal.
  • Go to Settings > Endpoints.
  • On the left-hand side, find Indicators.
  • Find URLs/Domains from the list of Indicators.
  • Click on + Add item to add a URL or Domain.
Add a URL or domain to whitelist using Microsoft Defender portal
Add a URL or domain to whitelist using Microsoft Defender portal
  • Once you click Add Item, a flyout will appear where you can provide information about the website you want to whitelist. You can enter either the URL or the domain name. Also, you can set an expiry date for this rule.
Add a URL or domain in the textbox URL/Domain
Add a URL or domain in the textbox URL/Domain
  • In the Action tab, select Allow to whitelist the website. You should also provide a title and description for this rule. Other options are available, such as Audit, Warn, and Block execution. If you want to block website access, choose Block execution. If you want to allow a website with a warning message and set a specific time limit, use the Warn option.
Select Response action as Allow. Provide a Title and description.
Select Response action as Allow. Provide a Title and description.
  • You can apply this rule to All devices in my organization or Selected from list. If you want to use the Select from list option, create a device group first. Go to Settings > Endpoints > Permissions > Device groups to create a device group and use that group to apply this policy.
Add URL/Domain indicator page
Add URL/Domain indicator page
  • The Summary page displays an overview of the information you’ve provided to whitelist the website. Verify that the details are correct, and click Save to save the rule.
Check and Summary and proceed to create this policy
Check and Summary and proceed to create this policy

End User Experience

If you have Whitelisted a website, then users will be able to access the website from the targeted devices where the whitelisting rule has been applied. However, If you have created a rule to block a certain website, then users will get an error message.

Error shown will be different based on the browser users are using.

  • Microsoft Edge – When you try to access a blocked website using MS Edge browser, it will show a red background with The content is blocked message.
  • Google Chrome – When you try to access a blocked website using chrome browser, You will get Site can’t provide a secure connection error message.

Error Message when using Microsoft Edge web browser

This content is blocked

For your protection, your organization is not allowing you to access the resource or content hosted by gmail.com. To learn more about why you’re seeing this message or to get in touch with your administrator, visit the support page.

Content is blocked message when using Microsoft Edge browser
Content is blocked message when using Microsoft Edge browser

Error Message when using Google Chrome web browser

When users try to access a blocked website using Google Chrome, they will get below error message.

This site can’t provide a secure connection. Gmail.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Site can’t provide a secure connection – Google Chrome browser

Conclusion

This blog post shows how to allow or block a certain URL or domain by using the Microsoft 365 Defender portal. You can first test the change on a few devices by creating a device group and extending it to include more. If you have fully tested this change on test devices, you can change the assignment to All devices in my organization.

Leave a Comment