How to Whitelist a URL/Domain in Microsoft Defender SmartScreen

This blog post explains how to whitelist a URL/domain in Microsoft Defender SmartScreen for devices that are managed by Microsoft Intune and for devices that are onboarded to Defender for Endpoint.

In the first part, I explain how to whitelist a URL/domain in Microsoft Defender SmartScreen for devices that are only managed by Microsoft Intune. In the second part, I explain how to whitelist a URL/domain in Microsoft Defender SmartScreen for devices that are onboarded to Defender for Endpoint. My previous blog post covers how to configure Microsoft Defender SmartScreen via Intune for Edge, Windows 10/11, and Google Chrome.

Requirements:

  • Windows 10 Pro/Enterprise
  • Microsoft Intune license

Defender for Endpoint Requirements:

  • Defender for Endpoint license
  • Network Protection must be set to block mode
  • The Antimalware client version must be 4.18.1906.x or later
  • Windows 10, version 1709 or later / Windows 11
  • Custom network indicators are enabled
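
The device-side requirements above can be checked locally before an indicator is created. The following PowerShell is an added example, not part of the original post; it uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference, and the variable names are the example's own.

```powershell
# Added example, not from the original post: checks the device-side Defender for
# Endpoint requirements listed above. The license and the "Custom network
# indicators" setting are tenant-side and cannot be read from the device.
$minClient = [version]'4.18.1906.0'   # "4.18.1906.x or later"
$minBuild  = 16299                    # OS build of Windows 10, version 1709

$status = Get-MpComputerStatus        # Defender module, built into Windows 10/11
$pref   = Get-MpPreference
$build  = [System.Environment]::OSVersion.Version.Build

# EnableNetworkProtection: 0 = disabled, 1 = enabled (block mode), 2 = audit mode
$npMode = switch ([int]$pref.EnableNetworkProtection) {
    1       { 'Block' }
    2       { 'Audit' }
    default { 'Disabled' }
}

$checks = @(
    [pscustomobject]@{
        Requirement = 'Network Protection in block mode'
        Found       = $npMode
        Pass        = ($npMode -eq 'Block')
    }
    [pscustomobject]@{
        Requirement = "Antimalware client version >= $minClient"
        Found       = $status.AMProductVersion
        Pass        = ([version]$status.AMProductVersion -ge $minClient)
    }
    [pscustomobject]@{
        Requirement = "Windows build >= $minBuild (version 1709)"
        Found       = $build
        Pass        = ($build -ge $minBuild)
    }
)
$checks | Format-Table -AutoSize

# Name every requirement that is not met, so the gap is visible in a log
$failed = @($checks | Where-Object { -not $_.Pass })
foreach ($f in $failed) {
    Write-Warning "Requirement not met: $($f.Requirement) (found: $($f.Found))"
}
```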

How to whitelist a URL/domain for Intune managed devices

  • Open Microsoft Endpoint Manager
  • In the menu, select Devices
  • Under Devices, select Windows and then select Configuration profiles
    Or use the following link: Windows – Microsoft Endpoint Manager admin center
  • Open the Microsoft Defender SmartScreen configuration profile. If you have used the above configuration, open EndpointCave-PRD-W10-MicrosoftEdge
  • Click on Microsoft Edge
  • Click on SmartScreen settings
  • Enable the setting "Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings"
  • Enter the list of domains for which Microsoft Defender SmartScreen will not trigger warnings for your end users
  • Click on OK
  • Click on Review + Save
  • On the Review + Create page, check that "Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings" is the only setting that changed, then click on Save
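
After the profile has synced, the list can be read back on a device and reviewed, since every entry on it switches SmartScreen warnings off for that domain. The following PowerShell is an added example, not part of the original post. It assumes the setting lands under the standard Edge policy registry key (SmartScreenAllowListDomains); Test-AllowListEntry is a hypothetical helper, its checks are this example's own review heuristics, and the fallback entries are constructed samples.

```powershell
# Added example, not from the original post. Reads the SmartScreen allow list that
# the Intune profile writes on the device and flags entries worth a second look.
# Assumption: the policy is stored under the standard Edge policy key below.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\SmartScreenAllowListDomains'

function Test-AllowListEntry {
    # Hypothetical helper: format/scope heuristics chosen for this example
    param([string]$Entry)
    $issues = @()
    $e    = $Entry.Trim()
    $rest = $e -replace '^[a-z][a-z0-9+.-]*://', ''   # entry without a scheme
    if ($e -eq '')         { $issues += 'empty entry' }
    if ($e -ne $Entry)     { $issues += 'leading/trailing whitespace' }
    if ($rest -ne $e)      { $issues += 'contains a scheme; the setting expects a domain' }
    if ($rest -match '[/?#]') { $issues += 'contains a path or query' }
    if ($rest -match '\*') { $issues += 'contains a wildcard' }
    if ($e -ne '' -and $rest -notmatch '\.') { $issues += 'single label, e.g. a bare TLD' }
    [pscustomobject]@{
        Entry  = $Entry
        Review = [bool]$issues.Count
        Issues = ($issues -join '; ')
    }
}

if (Test-Path $key) {
    # List policies are stored as string values named 1, 2, 3, ...
    $props   = Get-ItemProperty -Path $key
    $entries = @($props.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { [string]$_.Value })
} else {
    Write-Warning 'Policy key not found; using constructed sample entries.'
    $entries = @('contoso.example', 'https://portal.contoso.example/login',
                 '*.example', 'com')
}

$report = foreach ($entry in $entries) { Test-AllowListEntry -Entry $entry }
$report | Format-Table -AutoSize -Wrap
```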

How to whitelist a URL/Domain for Defender for Endpoint onboarded devices

  • Click on Endpoints on the main page
  • In the 2nd menu (submenu), scroll down to Rules
  • Click on Indicators
  • Under Indicators, click on URLs/Domains
  • To add a URL/domain to whitelist, click on + Add item
  • Click on Next at the bottom of the page
  • Set a response action. For whitelisting we will use Allow.


Note.

Audit: The user will not be prompted, but you will get insight into whether they are visiting the configured URL or domain.

Warn: The users will be prompted with the Microsoft Defender SmartScreen page but are allowed to bypass the prompt.

Block execution: Blocks websites, and the user will get the Microsoft Defender SmartScreen block page.

  • After we set the response action to Allow, we must set some details; otherwise we cannot save the indicator
  • Click on Next
  • Click on Next on the scope page
  • On the summary page, check your configuration
  • After your review, click on Save
  • The URL/domain is now whitelisted

Note. It can take up to 2 hours (usually less) for the URL/domain to be whitelisted.

6 replies
  1. naizamuddin says:

    Hi René Laas,
    Within my company, I’ve been putting into practice a policy that limits access to all websites save those on a list of websites that have been approved. The policy is currently permitting access to all websites rather than limiting it to only the allowed sites, despite my best efforts.

    Would you kindly advise us on the best way to restrict all websites and only allow those that have been approved? I’ve tried a few other combinations, but they haven’t worked out perfectly.

    Furthermore, because I am not a verified user on https://x.com/naizam_uddin , I was unable to contact you there. I would be very grateful for any help or thorough guidance you could provide on this subject.

    • René Laas says:

      Hi Naiza,

      I have configured this use case, what is the use case for blocking all network traffic and allowing only specific websites?
      However, I am thinking of using the web content filtering option within Defender and blocking all categories.

  2. eflin charles says:

    Hi Rene

    On the scope can I select specific devices rather than all devices?
    Not yet seen a way to do this, but my manager wants to apply this but only to two users?

    Any help appreciated.

    Regards

  3. Dana Ciraldo says:

    How do you whitelist a URL/Domain for Microsoft Edge running on an Apple OS (Ventura 13.4)? Or alternatively turn it off?

    • René Laas says:

      Hi Dana,

      Did you enroll your iOS devices in Defender for Endpoint?

      If so, you can block and allow sites via the Defender portal.

      Kind regards,

      Rene
