How to Whitelist a URL/Domain in Microsoft Defender SmartScreen
The purpose of this blog post is to inform you how to whitelist a URL/Domain in Microsoft Defender SmartScreen for a device that is managed by Microsoft Intune and devices that are onboarded to Defender for Endpoint.
In this blog post, I will explain how to whitelist a URL/domain in Microsoft Defender for devices that are only managed by Microsoft Intune, and in the second part of this blog, I will explain how to whitelist a URL/Domain in Microsoft Defender SmartScreen for devices that are onboarded to Defender for Endpoint. In my previous blog, you can read how to configure Microsoft Defender SmartScreen via Intune for Edge, Windows 10/11, and Google Chrome.
Defender for Endpoint Requirements:
How to whitelist a URL/domain for Intune managed devices
- Open Microsoft endpoint manager
- In the menu select Devices
- Under Devices, select Windows and select configuration profiles
Or use the following link Windows – Microsoft Endpoint Manager admin center
- Open the Microsoft Defender SmartScreen configuration profile. If you have used the above configuration you have to open EndpointCave-PRD-W10-MicrosoftEdge
- Click on Microsoft Edge
- And click on SmartScreen settings
- Enable the following configuration setting Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings
- Configure the list of domains for which Microsoft defender SmartScreen will not trigger warnings for your end-users
- Click on OK
- Click on Review + Save
- Check at the configuration page that only Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings is changed at the Review + Create page and click on Save
How to whitelist a URL/Domain for Defender for Endpoint onboarded devices.
- Open https://security.microsoft.com
- In the left menu, scroll down and click on settings
- Click now on Endpoints in the main page
- In the 2nd menu (submenu), scroll down to Rules
- Click on indicators
- Now you must click under indicators on URLs/Domains
- Now we must add a URL/domain to whitelist, click on + add item
- Click on next at the bottom of the page
- Set a response action. For whitelisting we will use Allow.
Audit: The user will not be prompted but you will get insight if they are visiting the configured URL or domain.
Warn: The users will be prompted with the Microsoft Defender SmartScreen page but are allowed to bypass the prompt.
Block execution: Block websites and the user will get the Microsoft Defender SmartScreen block page
- After we set the response action to allow, we must set some details otherwise we cannot save the indicator
- Now we can click on next, so click on Next
- Click next on the scope page
- At the summary page, check your configuration
- After your review, click on save
- The URL/domain is now whitelisted,
Note. It can take up to 2 hours (usually less) to whitelist the URL/Domain