You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/web-threat-protection.md
+6-24Lines changed: 6 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,47 +27,29 @@ appliesto:
27
27
28
28
29
29
30
-
Web threat protection is part of [Web protection](web-protection-overview.md) in Defender for Endpoint. It uses [network protection](network-protection.md) to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they're away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that you are blocked because they're in your [custom indicator list](indicators-overview.md).
30
+
Web threat protection is part of [Web protection](web-protection-overview.md) in Defender for Endpoint. It uses [network protection](network-protection.md) to secure your devices against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect devices while they're away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that you've blocked because they're in your [custom indicator list](indicators-overview.md).
31
31
32
32
> [!NOTE]
33
33
> It might take up to two hours for devices to receive new custom indicators.
34
34
35
35
## Prerequisites
36
36
37
-
Web protection uses network protection to provide web browsing security on Microsoft Edge and non-Microsoft web browsers.
37
+
Web threat protection uses network protection to provide web browsing security in Edge (excepting Windows devices), non-Microsoft web browsers and nonbrowser processes. On Windows devices, web threat protection in Edge uses Microsoft Defender SmartScreen and network protection isn't required to be enabled.
38
+
39
+
To turn on Microsoft Defender SmartScreen in Edge: [Configure Microsoft Defender SmartScreen](/deployedge/microsoft-edge-policies#smartscreenenabled).
38
40
39
41
To turn on network protection on your devices:
40
42
41
43
- Edit the Defender for Endpoint security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Defender for Endpoint security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-for-endpoint-security-baseline)
42
44
- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md)
43
45
44
46
> [!NOTE]
45
-
> If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only.
47
+
> If you set network protection to **Audit only**, blocking is unavailable. Also, you are able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only.
46
48
47
49
## Configure web threat protection
48
50
49
-
The following procedure describes how to configure web threat protection using the Microsoft Intune admin center.
50
-
51
-
1. Go to the Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)), and sign in.
52
-
53
-
2. Choose **Endpoint security**\>**Attack surface reduction**, and then choose **+ Create policy**.
54
-
55
-
3. Select a platform, such as **Windows 10 and later**, select the **Web protection** profile, and then choose **Create**.
56
-
57
-
4. On the **Basics** tab, specify a name and description, and then choose **Next**.
58
-
59
-
5. On the **Configuration settings** tab, expand **Web Protection**, specify your settings, and then choose **Next**.
60
-
61
-
- Set **Enable network protection** to **Enabled** so web protection is turned on. Alternately, you can set network protection to **Audit mode** to see how it works in your environment. In audit mode, network protection doesn't prevent users from visiting sites or domains, but it does track detections as events.
62
-
- To protect users from potential phishing scams and malicious software, turn **Require SmartScreen for Microsoft Edge Legacy** to **Yes**.
63
-
- To prevent users from bypassing warnings about potentially malicious sites, set **Block malicious site access** to **Yes**.
64
-
- To prevent users from bypassing the warnings and downloading unverified files, set **Block unverified file download** to **Yes**.
65
-
66
-
6. On the **Scope tags** tab, if your organization is using scope tags, choose **+ Select scope tags**, and then choose **Next**. (If you aren't using scope tags, choose **Next**.) To learn more about scope tags, see [Use role-based access control (RBAC) and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
67
-
68
-
7. On the **Assignments** tab, specify the users and devices to receive the web protection policy, and then choose **Next**.
51
+
The legacy **Web protection** policy in Intune has been deprecated and web threat protection will be enabled if the prerequisites are met.
69
52
70
-
8. On the **Review + create** tab, review your policy settings, and then choose **Create**.
0 commit comments