Defender for Endpoint: URL filtering broken?

Quick question to my blog readers. I have received a report that URL filtering in Defender for Endpoint is broken. In this context, it would be interesting to know if there are other people affected or if the reader is an isolated case. The affected companies are those where Defender for Endpoint is used in conjunction with Windows 11 22H2 and Microsoft 365.



A brief classification

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help corporate networks prevent, detect, investigate and respond to advanced threats. Several subscription plans are available from Microsoft.

One of the features of Defender for Endpoint allows for web content filtering as part of the web protection capabilities. Administrators can use web content filtering to track and regulate access to websites based on their content categories. Many of these sites (even if they are not malicious) can be problematic due to compliance regulations, bandwidth usage, or other concerns. Policies can be used to block access to a category. This prevents users within certain device groups from accessing URLs associated with that category.

For each category that is not blocked, URLs are automatically audited. Users can access these URLs without interruption, and administrators collect access statistics that help them make a more customized policy decision. Users receive a block notification when an element on the page they are viewing accesses a blocked resource.

URL filtering issues

A blog reader emailed me a few hours ago to let me know that he was experiencing problems with Defender for Endpoint's URL filter. The reader wrote:

I am a diligent reader of your blog, thanks for the always top prepared topics.

Maybe this topic is also an issue for others?

As of this morning [AR: August 15, 2023], URL filtering from Defender for Endpoint no longer works. We are running Windows 11 Enterprise 22H2 and using Microsoft 365 E5.

The settings in the admin center of Microsoft 365 are correct and have been checked again to be on the safe side.

This problem already existed briefly last Friday afternoon (August 11), but after two hours the URL filtering worked again on its own.

We also already submitted a ticket to the Microsoft 365 admin center on Friday, but have not received any feedback yet. There seems to be a problem with the ticket system, as it doesn't even show that an employee has been assigned to the ticket. Therefore, I have submitted more tickets today.

My searches on the web did not yield any hits.

Therefore, I pass on the question to the readership if anyone has also found problems with URL filtering in this context.



Addendum: Seems a general issue

I received a comment on my German blog post, in which another user confirmed the observation outlined above. The user wrote (translated):

I noticed the issue with the Defender WCF already last week during routine checks. This affects the Edge browser, as well as third party browsers. I have checked all policies in Intune.

Network Protection in the Defender Antivirus profile is active. The profile is successfully assigned on my clients. Likewise, I checked the policies in Security Center.

As a test, I created a new filter category and assigned it to a test group.

Again no success.

I tested via the blocking category Weapons with the website of the weapons manufacturer Heckler&Koch.

I used this website for testing a few months ago. This is now no longer blocked.

I have run the MDE Analyzer on it. Again, the Network Protection is set to block mode.

In the post "Web content filtering and indicator aren't working on third party browser", other users have similar problems.
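
A local check of what the second reader verified (Network Protection in block mode) plus a per-day count of Network Protection events, which shows on which day blocking stopped on a client. This is an added example, not from the blog post or its readers; it assumes an elevated PowerShell session on an affected Windows client with the built-in Defender cmdlets.

```powershell
# Added example: run in an elevated PowerShell session on the affected client.

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit
$modeNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
$pref   = Get-MpPreference
$status = Get-MpComputerStatus
$sense  = Get-Service -Name Sense -ErrorAction SilentlyContinue  # MDE sensor service

[pscustomobject]@{
    NetworkProtection  = $modeNames[[int]$pref.EnableNetworkProtection]
    AMRunningMode      = $status.AMRunningMode          # e.g. Normal or Passive
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SenseService       = if ($sense) { $sense.Status } else { 'Not installed' }
} | Format-List

# Network Protection events in the Defender operational log:
#   1125 = fired in audit mode, 1126 = fired in block mode, 5007 = settings changed.
# These cover Network Protection as a whole, not only web content filtering.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126, 5007
    StartTime = (Get-Date).AddDays(-14)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No Network Protection events (1125/1126/5007) in the last 14 days.'
}
else {
    # One row per day and event ID; a day where 1126 entries stop appearing
    # while browsing continued marks the point where blocking ceased.
    $events |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') }, Id |
        Sort-Object Name |
        Select-Object Name, Count |
        Format-Table -AutoSize
}
```

A 5007 entry close to the day the 1126 entries stop points to a local configuration change; no 5007 entry and an unchanged block mode fits the readers' description of settings that were correct while filtering still failed.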

