How to Whitelist a URL/Domain in Microsoft Defender SmartScreen

This blog post explains how to whitelist a URL/domain in Microsoft Defender SmartScreen, both for devices that are managed by Microsoft Intune and for devices that are onboarded to Defender for Endpoint.

In the first part, I will explain how to whitelist a URL/domain in Microsoft Defender SmartScreen for devices that are only managed by Microsoft Intune. In the second part, I will explain how to whitelist a URL/domain in Microsoft Defender SmartScreen for devices that are onboarded to Defender for Endpoint. In my previous blog, you can read how to configure Microsoft Defender SmartScreen via Intune for Edge, Windows 10/11, and Google Chrome.

Requirements:

  • Windows 10 Pro/Enterprise
  • Microsoft Intune license

Defender for Endpoint Requirements:

  • Defender for Endpoint license
  • Network Protection must be set to block mode
  • The Antimalware client version must be 4.18.1906.x or later
  • Windows 10, version 1709 or later / Windows 11
  • Custom network indicators are enabled

How to whitelist a URL/domain for Intune managed devices

  • Open Microsoft Endpoint Manager
  • In the menu, select Devices
  • Under Devices, select Windows and then select Configuration profiles
    Or use the following link: Windows – Microsoft Endpoint Manager admin center
  • Open the Microsoft Defender SmartScreen configuration profile. If you have used the above configuration, you have to open EndpointCave-PRD-W10-MicrosoftEdge
  • Click on Microsoft Edge
  • And click on SmartScreen settings
  • Enable the following configuration setting: Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings
  • Configure the list of domains for which Microsoft Defender SmartScreen will not trigger warnings for your end-users
  • Click on OK
  • Click on Review + Save
  • On the Review + Create page, check that only Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings is changed, and click on Save

How to whitelist a URL/domain for Defender for Endpoint onboarded devices

  • Now click on Endpoints on the main page
  • In the 2nd menu (submenu), scroll down to Rules
  • Click on Indicators
  • Under Indicators, click on URLs/Domains
  • Now we must add a URL/domain to whitelist; click on + Add item
  • Click on Next at the bottom of the page
  • Set a response action. For whitelisting we will use Allow.


Note:

Audit: The user will not be prompted but you will get insight if they are visiting the configured URL or domain.

Warn: The users will be prompted with the Microsoft Defender SmartScreen page but are allowed to bypass the prompt.

Block execution: Websites are blocked and the user will get the Microsoft Defender SmartScreen block page.

  • After we set the response action to Allow, we must set some details; otherwise we cannot save the indicator
  • Now click on Next
  • Click on Next on the scope page
  • On the summary page, check your configuration
  • After your review, click on Save
  • The URL/domain is now whitelisted.

Note. It can take up to 2 hours (usually less) to whitelist the URL/Domain
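
To confirm on a device that the steps above took effect, the following PowerShell script (an added example, not part of the original post) checks the local Defender for Endpoint requirements listed earlier and reads back the Edge SmartScreen allow list. It assumes the Intune profile writes the Edge policy to the SmartScreenAllowListDomains registry key shown in the code; the "Custom network indicators" requirement is a tenant setting and cannot be checked locally.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the managed Windows device.

# Thresholds taken from the Defender for Endpoint requirements list.
$minClient = [version]'4.18.1906.0'   # Antimalware client 4.18.1906.x or later
$minBuild  = 16299                    # Windows 10, version 1709 = build 16299

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit.
$checks = [ordered]@{
    'Antimalware client version'  = ([version]$status.AMProductVersion -ge $minClient)
    'Network Protection (block)'  = ($pref.EnableNetworkProtection -eq 1)
    'Windows build 1709 or later' = ([Environment]::OSVersion.Version.Build -ge $minBuild)
}

foreach ($check in $checks.GetEnumerator()) {
    $state = if ($check.Value) { 'OK' } else { 'NOT MET' }
    '{0,-30} {1}' -f $check.Key, $state
}

# Assumption: the Edge policy is delivered to this key, one domain per numbered value.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains'

if (Test-Path -Path $key) {
    $domains = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { $_.Value }
    "SmartScreen allow list ($(@($domains).Count) entries):"
    $domains | ForEach-Object { "  $_" }
} else {
    'No SmartScreen allow list policy found on this device (not applied or not yet synced).'
}
```

Every domain returned here is exempt from SmartScreen warnings on that device, so compare the output against what was entered in the configuration profile.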
