deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
lomayor 89c7c4c7a0 WTP writing enhancements
2019-10-08 16:01:27 -07:00

3.1 KiB
Raw Blame History

title, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic, ms.date
title description keywords search.product search.appverid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.author author ms.localizationpriority manager audience ms.collection ms.topic ms.date
Monitoring web browsing security in Microsoft Defender ATP Use web protection in Microsoft Defender ATP to monitor web browsing security web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser eADQiWindows 10XVcnh met150 w10 deploy library security lomayor lomayor medium dansimp ITPro M365-security-compliance article 08/30/2019

Monitor web browsing security

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Web protection lets you monitor your organizations web browsing security through reports under Reports > Web protection in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics.

  • Web threat protection detections over time — this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)

    Image of the card showing web threats protection detections over time

  • Web threat protection summary — this card displays the total web threat detections in the past 30 days, showing distribution across the different types of web threats. Selecting a slice opens the list of the domains that were found with malicious or unwanted websites.

    Image of the card showing web threats protection summary

Note

It can take up to 12 hours before a block is reflected in the cards or the domain list.

Types of web threats

Web protection categorizes malicious and unwanted websites as:

  • Phishing — websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
  • Malicious — websites that host malware and exploit code
  • Custom indicator — websites whose URLs or domains you've added to your custom indicator list for blocking

View the domain list

Select a specific web threat category in the Web threat protection summary card to open the Domains page and display the list of the domains under that threat category. The page provides the following information for each domain:

  • Access count — number of requests for URLs in the domain
  • Blocks — number of times requests were blocked
  • Access trend — change in number of access attempts
  • Threat category — type of web threat
  • Machines — number of machines with access attempts

Select a domain to view the list of machines that have attempted to access URLs in that domain as well as the list of URLs.

Related topics