How to Whitelist a URL/Domain in Microsoft Defender SmartScreen
This blog post explains how to whitelist a URL/domain in Microsoft Defender SmartScreen, both for devices that are managed by Microsoft Intune and for devices that are onboarded to Defender for Endpoint.
The first part covers devices that are only managed by Microsoft Intune. The second part covers devices that are onboarded to Defender for Endpoint. In my previous blog, you can read how to configure Microsoft Defender SmartScreen via Intune for Edge, Windows 10/11, and Google Chrome.
Requirements:
Defender for Endpoint Requirements:
How to whitelist a URL/domain for Intune managed devices
- Open Microsoft Endpoint Manager
- In the menu, select Devices
- Under Devices, select Windows and then select Configuration profiles
Or use the following link: Windows – Microsoft Endpoint Manager admin center
- Open the Microsoft Defender SmartScreen configuration profile. If you have used the above configuration, you have to open EndpointCave-PRD-W10-MicrosoftEdge
- Click on Microsoft Edge
- Click on SmartScreen settings
- Enable the following configuration setting: Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings
- Configure the list of domains for which Microsoft Defender SmartScreen will not trigger warnings for your end users
- Click on OK
- Click on Review + Save
- On the Review + Create page, check that Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings is the only setting that has changed, and click on Save
How to whitelist a URL/Domain for Defender for Endpoint onboarded devices
- Open https://security.microsoft.com
- In the left menu, scroll down and click on Settings
- On the main page, click on Endpoints
- In the second menu (submenu), scroll down to Rules
- Click on Indicators
- Under Indicators, click on URLs/Domains
- To add a URL/domain to whitelist, click on + Add item
- Add the URL/domain, e.g. https://www.EndpointCave.com or https://microsoft.com
- Click on Next at the bottom of the page
- Set a response action. For whitelisting we will use Allow.
Note. The other response actions are:
Audit: The user will not be prompted, but you will get insight into whether they are visiting the configured URL or domain.
Warn: The user will be prompted with the Microsoft Defender SmartScreen page but is allowed to bypass the prompt.
Block execution: The website is blocked and the user will get the Microsoft Defender SmartScreen block page.
- After setting the response action to Allow, we must set some details, otherwise we cannot save the indicator
- Click on Next
- Click on Next on the scope page
- On the summary page, check your configuration
- After your review, click on Save
- The URL/domain is now whitelisted.
Note. It can take up to 2 hours (usually less) to whitelist the URL/Domain
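The portal steps above can also be prepared in a script. The following is an added example, not part of the original post: it checks an entry and builds the request body for Microsoft's "Submit or Update Indicator" API with the Allow action. The function names, the checks that reject over-broad entries, the placeholder change reference and the choice to send a bare host as a `DomainName` indicator are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Endpoint and field names follow Microsoft's documented "Submit or Update
# Indicator" API; confirm them against the current docs for your tenant.
API_URL = "https://api.securitycenter.microsoft.com/api/indicators"

def build_allow_indicator(entry, title, description):
    """Turn one portal-style entry into the JSON body for an Allow indicator."""
    raw = entry.strip()
    # The indicator cannot be saved without its details (title, description).
    if not title.strip() or not description.strip():
        raise ValueError("title and description are required")
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Refuse entries that would allow far more than one site.
    if "*" in raw or len(labels) < 2 or not all(labels):
        raise ValueError(f"refusing over-broad or malformed entry: {entry!r}")
    if labels[-1].isdigit():
        raise ValueError("IP addresses use a different indicator type")
    if parts.path in ("", "/") and not parts.query:
        # Assumption: a bare host is sent as a DomainName indicator.
        kind, value = "DomainName", host
    else:
        kind, value = "Url", raw
    return {"indicatorValue": value, "indicatorType": kind, "action": "Allowed",
            "title": title, "description": description}

def to_request(body, token):
    """Return (url, headers, data) for the POST; sending is left to the caller."""
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return API_URL, headers, json.dumps(body).encode()

if __name__ == "__main__":
    # Constructed sample input: the post's two example entries plus two bad ones.
    for e in ["https://www.EndpointCave.com", "https://microsoft.com", "*.com", "com"]:
        try:
            print(build_allow_indicator(e, "Allow " + e, "Change CHG-PLACEHOLDER"))
        except ValueError as err:
            print("rejected:", err)
```

Keeping each allow entry as narrow as possible matters because an Allow indicator suppresses the SmartScreen warning for everything it matches.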
Hi René Laas,
Within my company, I’ve been putting into practice a policy that limits access to all websites save those on a list of websites that have been approved. The policy is currently permitting access to all websites rather than limiting it to only the allowed sites, despite my best efforts.
Would you kindly advise us on the best way to restrict all websites and only allow those that have been approved? I’ve tried a few other combinations, but they haven’t worked out perfectly.
Furthermore, because I am not a verified user on https://x.com/naizam_uddin, I was unable to contact you there. I would be very grateful for any help or thorough guidance you could provide on this subject.
Hi Naiza,
I have configured this use case. What is the use case for blocking all network traffic and allowing only specific websites?
However, I am thinking of using the web content filtering option within Defender and blocking all categories.
Hi Rene,
On the scope, can I select specific devices rather than all devices?
Not yet seen a way to do this, but my manager wants to apply this but only to two users?
Any help appreciated.
Regards
Hi Eflin,
If you want to apply the indicator only to two users, you should work with device groups within Defender.
Kind regards,
Rene
How do you whitelist a URL/Domain for Microsoft Edge running on an Apple OS (Ventura 13.4)? Or alternatively turn it off?
Hi Dana,
Did you enroll your iOS devices in Defender for Endpoint?
If so, you can block and allow sites via the Defender portal.
Kind regards,
Rene