mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
Merge pull request #7084 from krupatms/patch-3
Update web-content-filtering.md
This commit is contained in:
Beth Woodbury
GitHub
commit
4f3ff23978
@ -24,11 +24,11 @@ ms.topic: article
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
|
||||
Web content filtering is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns.
|
||||
Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns.
|
||||
|
||||
You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption. However, web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. If an element on the page you’re viewing is making calls to a resource which is blocked, you will see a block notification.
|
||||
You can configure policies across your device groups to block certain categories, effectively preventing users within specified device groups from accessing URLs that are associated with the category. For any category that's not blocked, they are automatically audited i.e. your users will be able to access the URLs without disruption and you will continue to gather access statistics to help create a more custom policy decision. If an element on the page you’re viewing is making calls to a resource which is blocked, your users will see a block notification.
|
||||
|
||||
Web content filtering is available on most major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Internet Explorer, Chrome, Firefox, and all other browsers). See the prerequisites section for more information about browser support.
|
||||
Web content filtering is available on the major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Chrome and Firefox). See the prerequisites section for more information about browser support.
|
||||
|
||||
To summarize the benefits:
|
||||
|
||||
@ -38,8 +38,9 @@ To summarize the benefits:
|
||||
|
||||
## User experience
|
||||
|
||||
The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection.
|
||||
For a more user-friendly experience, consider using SmartScreen on Edge.
|
||||
The blocking experience for Chrome/Firefox is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection.
|
||||
|
||||
For a more user-friendly in-browser experience, consider using Edge.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
@ -47,51 +48,13 @@ Before trying out this feature, make sure you have the following:
|
||||
|
||||
- Windows 10 Enterprise E5 license
|
||||
- Access to Microsoft Defender Security Center portal
|
||||
- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update (for Network Protection on Internet Explorer, Edge, Chrome, or Firefox)
|
||||
- Devices running Windows 10 May 2019 Update (version 1903) or later (for a better user experience from SmartScreen on Edge). Note that if SmartScreen is not turned on, Network Protection will take over the blocking
|
||||
- A valid license with a partner data provider
|
||||
- Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
|
||||
Note that if SmartScreen is not turned on, Network Protection will take over the blocking.
|
||||
|
||||
## Data handling
|
||||
|
||||
For this feature, we will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
|
||||
|
||||
## Partner licensing
|
||||
|
||||
In order to give customers access to various sources of web content categorization data, we are very excited to partner with data providers for this feature. We’ve chosen [Cyren](https://www.cyren.com/threat-intelligence) as our first partner, who we’ve worked with closely to build an integrated solution.
|
||||
|
||||
### About Cyren and Threat Intelligence Service for Microsoft Defender ATP
|
||||
|
||||
Cyren’s URL filtering includes 70 categories, providing partners with the ability to build powerful and advanced web security applications. Cyren’s comprehensive categories provide the necessary flexibility for any implementation requirement.
|
||||
|
||||
The broad range of categories enables numerous applications:
|
||||
|
||||
- Protecting users browsing the web from threats such as malware and phishing sites
|
||||
- Ensuring employee productivity
|
||||
- Consumer services such as parental control
|
||||
|
||||
Cyren's web content classification technology is integrated by design into Microsoft Defender ATP to enable web filtering and auditing capabilities.
|
||||
|
||||
Learn more at https://www.cyren.com/products/url-filtering.
|
||||
|
||||
### Cyren Permissions
|
||||
|
||||
"Sign in and read user profile" allows Cyren to read your tenant info from your Microsoft Defender ATP account, such as your tenant ID, which will be tied to your Cyren license.
|
||||
|
||||
"Read and Write Integration settings" exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the Microsoft Defender ATP portal.
|
||||
|
||||
### Signing up for a Cyren License
|
||||
|
||||
Cyren is offering a 60-day free trial for all Microsoft Defender ATP customers. To sign up, please follow the steps below from the portal.
|
||||
|
||||
>[!NOTE]
|
||||
>Make sure to add the URL you get redirected to by the signup process to the list of approved domains.
|
||||
|
||||
>[!NOTE]
|
||||
>A user with AAD app admin/global admin permissions is required to complete these steps.
|
||||
|
||||
1. Go to **Reports > Web protection** from the side navigation
|
||||
2. Select the **Connect to a partner** button
|
||||
3. Go through the flow from the flyout to register and connect your Cyren account
|
||||
|
||||
## Turn on web content filtering
|
||||
|
||||
@ -116,6 +79,8 @@ To add a new policy:
|
||||
>[!NOTE]
|
||||
>If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment.
|
||||
|
||||
>ProTip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
|
||||
|
||||
## Web content filtering cards and details
|
||||
|
||||
Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering.
|
||||
@ -154,18 +119,14 @@ You can access the **Report details** for each card by selecting a table row or
|
||||
|
||||
Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item.
|
||||
|
||||
|
||||
## Errors and issues
|
||||
|
||||
### Why am I seeing the error "Need admin approval" when trying to connect to Cyren?
|
||||
|
||||
You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you.
|
||||
|
||||
### Limitations and known issues in this preview
|
||||
- Only Edge is supported if your device's OS configuraiton is Server (cmd > Systeminfo > OS Configuration). This is because Network Protection is only supported in Inspect mode on Server devices which is responsible for securing traffic across Chrome/Firefox.
|
||||
|
||||
- Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices in the interim before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts.
|
||||
|
||||
- The data in our reports may not be congruent with other data on the site. We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Web protection overview](web-protection-overview.md)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user