How to Whitelist a URL/Domain in Microsoft Defender SmartScreen

How to Whitelist a URL/Domain in Microsoft Defender SmartScreen

The purpose of this blog post is to inform you how to whitelist a URL/Domain in Microsoft Defender SmartScreen for a device that is managed by Microsoft Intune and devices that are onboarded to Defender for Endpoint.

In this blog post, I will explain how to whitelist a URL/domain in Microsoft Defender for devices that are only managed by Microsoft Intune, and in the second part of this blog, I will explain how to whitelist a URL/Domain in Microsoft Defender SmartScreen for devices that are onboarded to Defender for Endpoint. In my previous blog, you can read how to configure Microsoft Defender SmartScreen via Intune for Edge, Windows 10/11, and Google Chrome.

Requirements:

Windows 10 Pro/Enterprise
Microsoft Intune license

Defender for Endpoint Requirements:

Defender for endpoint license
Network Protection must be set to block mode
The Antimalware client version must be 4.18.1906.x or later
Windows 10, version 1709 or later / Windows 11
Custom network indicators are enabled

How to whitelist a URL/domain for Intune managed devices

Open Microsoft endpoint manager
In the menu select Devices
Under Devices, select Windows and select configuration profiles
Or use the following link Windows – Microsoft Endpoint Manager admin center
Open the Microsoft Defender SmartScreen configuration profile. If you have used the above configuration you have to open EndpointCave-PRD-W10-MicrosoftEdge
Click on Microsoft Edge

<img data-lazy-fallback="1" decoding="async" class='wp-image-4240 avia-img-lazy-loading-not-4240 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?fit=1162%2C475&ssl=1" alt='' title='Select Microsoft Edge' height="475" width="1162" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?w=1162&ssl=1 1162w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?resize=300%2C123&ssl=1 300w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?resize=1030%2C421&ssl=1 1030w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?resize=768%2C314&ssl=1 768w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Select-Microsoft-Edge.png?resize=705%2C288&ssl=1 705w" sizes="(max-width: 1162px) 100vw, 1162px" />

And click on SmartScreen settings
Enable the following configuration setting Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings
Configure the list of domains for which Microsoft defender SmartScreen will not trigger warnings for your end-users

<img data-lazy-fallback="1" decoding="async" class='wp-image-4259 avia-img-lazy-loading-not-4259 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Websites-that-can-bypass-Microsoft-Defender-SmartScreen.png?fit=565%2C760&ssl=1" alt='' title='Websites that can bypass Microsoft Defender SmartScreen' height="760" width="565" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Websites-that-can-bypass-Microsoft-Defender-SmartScreen.png?w=565&ssl=1 565w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Websites-that-can-bypass-Microsoft-Defender-SmartScreen.png?resize=223%2C300&ssl=1 223w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Websites-that-can-bypass-Microsoft-Defender-SmartScreen.png?resize=524%2C705&ssl=1 524w" sizes="(max-width: 565px) 100vw, 565px" />

Click on OK
Click on Review + Save
Check at the configuration page that only Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings is changed at the Review + Create page and click on Save

How to whitelist a URL/Domain for Defender for Endpoint onboarded devices.

Open https://security.microsoft.com
In the left menu, scroll down and click on settings

<img data-lazy-fallback="1" decoding="async" class='wp-image-4266 avia-img-lazy-loading-not-4266 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Security-portal-menu-1.png?fit=286%2C426&ssl=1" alt='' title='Security portal menu' height="426" width="286" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Security-portal-menu-1.png?w=286&ssl=1 286w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Security-portal-menu-1.png?resize=201%2C300&ssl=1 201w" sizes="(max-width: 286px) 100vw, 286px" />

Click now on Endpoints in the main page
In the 2^nd menu (submenu), scroll down to Rules
Click on indicators

<img data-lazy-fallback="1" decoding="async" class='wp-image-4267 avia-img-lazy-loading-not-4267 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-1.png?fit=300%2C292&ssl=1" alt='' title='Indicator' height="292" width="300" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-1.png?w=451&ssl=1 451w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-1.png?resize=300%2C292&ssl=1 300w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-1.png?resize=36%2C36&ssl=1 36w" sizes="(max-width: 300px) 100vw, 300px" />

Now you must click under indicators on URLs/Domains

<img data-lazy-fallback="1" decoding="async" class='wp-image-4268 avia-img-lazy-loading-not-4268 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator.png?fit=935%2C246&ssl=1" alt='' title='URL&Domains' height="246" width="935" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator.png?w=935&ssl=1 935w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator.png?resize=300%2C79&ssl=1 300w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator.png?resize=768%2C202&ssl=1 768w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator.png?resize=705%2C185&ssl=1 705w" sizes="(max-width: 935px) 100vw, 935px" />

Now we must add a URL/domain to whitelist, click on + add item

<img data-lazy-fallback="1" decoding="async" class='wp-image-4304 avia-img-lazy-loading-not-4304 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?fit=1100%2C219&ssl=1" alt='' title='add indicator' height="219" width="1100" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?w=1100&ssl=1 1100w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?resize=300%2C60&ssl=1 300w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?resize=1030%2C205&ssl=1 1030w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?resize=768%2C153&ssl=1 768w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/add-indicator-2.png?resize=705%2C140&ssl=1 705w" sizes="(max-width: 1100px) 100vw, 1100px" />

Add URL/Domain eg., https://www.EndpointCave.com or https://microsoft.com

<img data-lazy-fallback="1" decoding="async" class='wp-image-4270 avia-img-lazy-loading-not-4270 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Add-url-endpointcave.png?fit=581%2C288&ssl=1" alt='' title='Add url endpointcave' height="288" width="581" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Add-url-endpointcave.png?w=581&ssl=1 581w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Add-url-endpointcave.png?resize=300%2C149&ssl=1 300w" sizes="(max-width: 581px) 100vw, 581px" />

Click on next at the bottom of the page
Set a response action. For whitelisting we will use Allow.

Note.

Audit: The user will not be prompted but you will get insight if they are visiting the configured URL or domain.

Warn: The users will be prompted with the Microsoft Defender SmartScreen page but are allowed to bypass the prompt.

Block execution: Block websites and the user will get the Microsoft Defender SmartScreen block page

<img data-lazy-fallback="1" decoding="async" class='wp-image-4272 avia-img-lazy-loading-not-4272 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/indicator-response-action.png?fit=573%2C482&ssl=1" alt='' title='indicator response action' height="482" width="573" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/indicator-response-action.png?w=573&ssl=1 573w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/indicator-response-action.png?resize=300%2C252&ssl=1 300w" sizes="(max-width: 573px) 100vw, 573px" />

After we set the response action to allow, we must set some details otherwise we cannot save the indicator

<img data-lazy-fallback="1" decoding="async" class='wp-image-4273 avia-img-lazy-loading-not-4273 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-details.png?fit=300%2C149&ssl=1" alt='' title='Indicator details' height="149" width="300" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-details.png?w=574&ssl=1 574w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-details.png?resize=300%2C149&ssl=1 300w" sizes="(max-width: 300px) 100vw, 300px" />

Now we can click on next, so click on Next
Click next on the scope page
At the summary page, check your configuration

<img data-lazy-fallback="1" decoding="async" class='wp-image-4274 avia-img-lazy-loading-not-4274 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-summary.png?fit=568%2C595&ssl=1" alt='' title='Indicator summary' height="595" width="568" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-summary.png?w=568&ssl=1 568w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Indicator-summary.png?resize=286%2C300&ssl=1 286w" sizes="(max-width: 568px) 100vw, 568px" />

After your review, click on save
The URL/domain is now whitelisted,

<img data-lazy-fallback="1" decoding="async" class='wp-image-4303 avia-img-lazy-loading-not-4303 avia_image ' src="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Overview-indicator-1.png?fit=946%2C318&ssl=1" alt='' title='Overview indicator' height="318" width="946" itemprop="thumbnailUrl" srcset="https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Overview-indicator-1.png?w=946&ssl=1 946w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Overview-indicator-1.png?resize=300%2C101&ssl=1 300w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Overview-indicator-1.png?resize=768%2C258&ssl=1 768w, https://i0.wp.com/endpointcave.com/wp-content/uploads/2022/05/Overview-indicator-1.png?resize=705%2C237&ssl=1 705w" sizes="(max-width: 946px) 100vw, 946px" />

Note. It can take up to 2 hours (usually less) to whitelist the URL/Domain

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.