You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/web-protection-overview.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,9 @@ search.appverid: met150
5
5
ms.service: defender-endpoint
6
6
ms.author: deniseb
7
7
author: denisebmsft
8
+
ms.reviewer: tdoucette
8
9
ms.localizationpriority: medium
9
-
ms.date: 04/03/2024
10
+
ms.date: 10/23/2024
10
11
manager: deniseb
11
12
audience: ITPro
12
13
ms.collection:
@@ -48,16 +49,13 @@ Web threat protection includes:
48
49
49
50
> [!NOTE]
50
51
> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:
51
-
>
52
52
> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
53
53
> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
54
54
> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
55
55
> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
56
56
> - Full URL path blocks can be applied for unencrypted URLs.
57
-
>
58
-
> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
59
57
60
-
For more information, see [Web threat protection](web-threat-protection.md).
58
+
There might be up to two hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. For more information, see [Web threat protection](web-threat-protection.md).
61
59
62
60
### Custom indicators
63
61
@@ -121,7 +119,9 @@ Internal IP addresses aren't supported by custom indicators. For a warn policy w
121
119
122
120
In all web protection scenarios, SmartScreen and Network Protection can be used together to ensure protection across both Microsoft and non-Microsoft browsers and processes. SmartScreen is built directly into Microsoft Edge, while Network Protection monitors traffic in non-Microsoft browsers and processes. The following diagram illustrates this concept. This diagram of the two clients working together to provide multiple browser/app coverages is accurate for all features of Web Protection (Indicators, Web Threats, Content Filtering).
123
121
124
-
:::image type="content" source="/defender/media/web-protection-protect-browsers.png" alt-text="The usage of smartScreen and Network Protection together" lightbox="/defender/media/web-protection-protect-browsers.png":::
122
+
> [!NOTE]
123
+
> Custom Indicators of Compromise and Web Content Filtering features are currently not supported in Application Guard sessions of Microsoft Edge. These containerized browser sessions can only enforce web threat blocks via the built-in SmartScreen protection. They cannot enforce any enterprise web protection policies.
124
+
> :::image type="content" source="/defender/media/web-protection-protect-browsers.png" alt-text="The usage of smartScreen and Network Protection together" lightbox="/defender/media/web-protection-protect-browsers.png":::
125
125
126
126
## Troubleshoot endpoint blocks
127
127
@@ -183,7 +183,7 @@ For WCF, you can dispute the category of a domain. Navigate to the **Domains** t
183
183
184
184
For more information on how to submit false positives/negatives, see [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md).
0 commit comments