Protect your organization against web threats
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Web threat protection is part of Web protection in Defender for Endpoint. It uses network protection to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices whether they're on premises or away from the corporate network. Web threat protection blocks access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites you've blocked yourself because they're in your custom indicator list.
Note
It might take up to two hours for devices to receive new custom indicators.
Prerequisites
Web protection uses network protection to provide web browsing security on Microsoft Edge and non-Microsoft web browsers.
To turn on network protection on your devices:
- Edit the Defender for Endpoint security baseline under Web & Network Protection to enable network protection before deploying or redeploying it. Learn about reviewing and assigning the Defender for Endpoint security baseline
- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. Read more about enabling network protection
Note
If you set network protection to Audit only, blocking is unavailable: attempts to access malicious and unwanted websites are only detected and logged, not stopped. In audit mode, those attempts are detected and logged for Microsoft Edge only, not for third-party browsers.
Configure web threat protection
The following procedure describes how to configure web threat protection using the Microsoft Intune admin center.
1. Go to the Microsoft Intune admin center (https://intune.microsoft.com), and sign in.
2. Choose Endpoint security > Attack surface reduction, and then choose + Create policy.
3. Select a platform, such as Windows 10 and later, select the Web protection profile, and then choose Create.
4. On the Basics tab, specify a name and description, and then choose Next.
5. On the Configuration settings tab, expand Web Protection, specify your settings, and then choose Next.
   - Set Enable network protection to Enabled so web protection is turned on. Alternately, you can set network protection to Audit mode to see how it works in your environment. In audit mode, network protection doesn't prevent users from visiting sites or domains, but it does track detections as events.
   - To protect users from potential phishing scams and malicious software, turn Require SmartScreen for Microsoft Edge Legacy to Yes.
   - To prevent users from bypassing warnings about potentially malicious sites, set Block malicious site access to Yes.
   - To prevent users from bypassing the warnings and downloading unverified files, set Block unverified file download to Yes.
6. On the Scope tags tab, if your organization is using scope tags, choose + Select scope tags, and then choose Next. (If you aren't using scope tags, choose Next.) To learn more about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.
7. On the Assignments tab, specify the users and devices to receive the web protection policy, and then choose Next.
8. On the Review + create tab, review your policy settings, and then choose Create.
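The Intune steps above and the prerequisites section both come down to one device-side setting: network protection must be in block mode (or audit mode, for a trial run) on the endpoint. The following PowerShell script is an added example, not code from the original page or from Microsoft; it verifies that setting on a single Windows device, enables it locally on a test machine, and then summarizes the network protection events the device has logged so you can confirm that detections are actually arriving. It assumes Microsoft Defender Antivirus is the active antivirus (Set-MpPreference has no effect when Defender is in passive mode), that no tenant policy overrides the local value, and that event IDs 1125 (audit-mode detection) and 1126 (block-mode detection) in the Defender operational log are the network protection events you want to count; the seven-day lookback window is an arbitrary choice for the example.

```powershell
# Added example (not from the original page): check, enable, and verify network
# protection on one Windows device. Run in an elevated PowerShell session.
# Assumptions: Defender Antivirus is active, no tenant/GPO policy overrides the
# local value, and 1125/1126 are the network protection audit/block event IDs.
#Requires -RunAsAdministrator

# EnableNetworkProtection is reported as a number: 0 = Disabled, 1 = Enabled, 2 = AuditMode
$state  = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }
$before = [int](Get-MpPreference).EnableNetworkProtection
Write-Host "Network protection before: $($state[$before])"

# Block mode. To observe first without blocking, use -EnableNetworkProtection AuditMode
# (remember that audit mode only logs detections from Microsoft Edge).
Set-MpPreference -EnableNetworkProtection Enabled

$after = [int](Get-MpPreference).EnableNetworkProtection
if ($after -ne 1) {
    throw "Network protection is still '$($state[$after])'. A tenant policy (Intune/GPO/SCCM) may be overriding the local setting, or Defender may be in passive mode."
}
Write-Host "Network protection after:  $($state[$after])"

# Summarize recent network protection events from the Defender operational log.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126          # 1125 = audited (logged only), 1126 = blocked
    StartTime = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host 'No network protection events in the last 7 days.'
    return
}

$events | Group-Object Id | ForEach-Object {
    $mode = if ($_.Name -eq '1126') { 'blocked' } else { 'audited' }
    '{0,5} connection attempts {1}' -f $_.Count, $mode
}

# Show the five most recent events; the first line of the message names the detection.
$events |
    Select-Object -First 5 TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

If the script reports that the setting did not change, check the policy sources in the prerequisites section (Intune, SCCM, Group Policy, or your MDM solution) before retrying locally: a managed value wins over Set-MpPreference, and that is the expected behavior on a managed device. A device that shows the setting enabled but logs no 1126 events within the lookback window has simply not attempted any blocked connection yet; that is not by itself a sign that protection is broken.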
Related articles
- Web protection overview
- Web threat protection
- Monitor web security
- Respond to web threats
- Network protection
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.