Web Protection

Configure web protection policies to safeguard users from malicious websites, phishing attempts, and unwanted web content. Integrates with Microsoft Defender for Endpoint and SmartScreen.

Protection Components

Web Threat Protection

Block access to known malicious websites: phishing, malware distribution, exploit hosting, and fraud sites.

Web Content Filtering

Control access by content category:

Network Protection

Block outbound connections to low-reputation hosts. Integrates with SmartScreen. Modes: Block, Audit, Disabled.

Custom Indicators

Create custom allow or block rules:

• URLs — Block or allow specific URLs
• Domains — Block or allow entire domains
• IP Addresses — Block or allow specific IPs

Indicator Priority

1. Allow indicators (highest)
2. Block indicators
3. Category-based filtering
4. Default policy (lowest)

SmartScreen Integration

• Warns about reported phishing sites
• Blocks known malware downloads
• Checks downloaded files against malicious list
• Available in Edge, Chrome (extension), and OS level

Configuring Web Protection

1. Enable Network Protection (Block or Audit)
2. Configure Web Content Filtering categories
3. Add custom URL/domain indicators
4. Assign to device groups

Reporting

• Blocked web access by category
• Top blocked domains and URLs
• Custom indicator match counts
• Network protection events

Best Practices

• Enable Network Protection in Block mode
• Start content filtering in Audit mode
• Use category-based filtering for broad coverage
• Review blocked access reports weekly
• Coordinate with HR and legal on filtering policies

API Reference

• GET /api/devices/security/web-protection/status — Get status
• GET /api/devices/security/web-protection/indicators — List indicators
• POST /api/devices/security/web-protection/indicators — Create indicator
• GET /api/devices/security/web-protection/events — Get blocked events