Share via

how to use MDE or MDCA or Intune to block all websites and only allow few URLs

Sergio Londono 671 Reputation points
2024-01-16T19:58:19.1266667+00:00

Hello team, Block all access web using MDE or MDCA or Intune I have a request to block all websites and only allow a few URLs in a single device. the device is onboarded with MDE, MDCA, and Intune. I can sanctioned and unsanctioned apps using MDCA, however, this applies to the whole organization. I can use an indicator in MDE to block specific URL, however, the wildcard option to match all URLs is not allowed https://*

I need a rule that blocks all websites and includes one exception that allows connecting only to office.com.  
Do you know if there exists any way to use indicators MDE to block all and only allow a few URLs?  

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,081 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,176 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
148 questions
0 comments
Accepted answer
  1. ZhoumingDuan-MSFT 13,635 Reputation points Microsoft Vendor
    2024-01-17T05:37:18.3266667+00:00

    @Sergio Londono,Thanks for posting in Q&A.

    From your description, I know you are looking for a way to block all websites and only allow few URLs via Intune.

    Based on my research, we can create an app configuration policy for Microsoft Edge and define a list of allowed URLs and a list of blocked URLs to achieve this.

    Here are some steps you can refer.

    1.Click App configuration policies > Click Add and select managed apps > Specify a name, select Microsoft Edge and which platform you want to configure > Click next.

    2.In Settings catalog section, select Use configuration designer as Configuration settings format > Click Add settings and search Define a list of allowed URLs and Block access to a list of URLs > Enter the URL you want to allow and block.

    3.In Setting page, enter the Name and value.

    4.In Assignment page, assign it to user or device group > Click create.

    [https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-managed-app]

    (https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-managed-app)

    Note: you can block all URLs via Block access to a list of URLs and configure one specific URL in Define a list of allowed URLs to achieve this, because URL Allowlist works with URL Blocklist, it as exceptions to URL Blocklist, moreover the allowed list takes precedence over the block list.

    Here are some links about how to configure URL format you can refer.

    https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#block-access-to-a-list-of-urls https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#define-a-list-of-allowed-urls

    Hope above information can help you. If there is any update feel free to contact me.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.