This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 86%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEC%3C/text%3E%3C/svg%3E)
Good morning, MS Team!
I've been handling incidents and alerts through MS Defender about employees trying to access flagged or suspicious URL. The access was detected and blocked by network protection.
Whenever I reach out to the users to validate the activity, the most common answer I get from users is they're unsure or doesn't recall the attempt since the suspicious URL doesn't show in their browsing history. I've read the entire Respond to Web Threats topic but didn't find anything that says blocked URLs by network protection won't get logged in the user's browsing history.
So my questions are:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Erwin Corvera Thank you for reaching out to us, just wanted to check if you have reviewed this article - https://learn.microsoft.com/en-us/defender-endpoint/investigate-domain where it has the steps on investigating the domain and suspicious URL's.
However let me research on the above mentioned questions and revert back.