Blocked Suspicious URL and Browsing History

Erwin Corvera 25 Reputation points
2024-07-11T15:00:13.43+00:00

Good morning, MS Team!

I've been handling incidents and alerts through MS Defender about employees trying to access flagged or suspicious URL. The access was detected and blocked by network protection.

Whenever I reach out to the users to validate the activity, the most common answer I get from users is they're unsure or doesn't recall the attempt since the suspicious URL doesn't show in their browsing history. I've read the entire Respond to Web Threats topic but didn't find anything that says blocked URLs by network protection won't get logged in the user's browsing history.

So my questions are:

  1. Are URLs blocked by network protection not logged in the user's browsing history?
  2. Is there another way for me to help the users validate through their respective endpoints that the said URLs were indeed attempted?
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,421 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.