You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/web-protection-overview.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -48,17 +48,14 @@ Web threat protection includes:
48
48
49
49
> [!NOTE]
50
50
> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:
51
-
>
52
51
> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
53
-
> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
54
-
> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
55
-
> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
56
-
> - Full URL path blocks can be applied for unencrypted URLs.
57
-
>
58
-
> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
59
-
60
-
For more information, see [Web threat protection](web-threat-protection.md).
52
+
- Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
53
+
- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
54
+
- Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
55
+
- Full URL path blocks can be applied for unencrypted URLs.
61
56
57
+
> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
58
+
> For more information, see [Web threat protection](web-threat-protection.md).
62
59
### Custom indicators
63
60
64
61
Custom indicator detections are also summarized in your organizations web threat reports under **Web threat detections over time** and **Web threat summary**.
@@ -121,6 +118,8 @@ Internal IP addresses aren't supported by custom indicators. For a warn policy w
121
118
122
119
In all web protection scenarios, SmartScreen and Network Protection can be used together to ensure protection across both Microsoft and non-Microsoft browsers and processes. SmartScreen is built directly into Microsoft Edge, while Network Protection monitors traffic in non-Microsoft browsers and processes. The following diagram illustrates this concept. This diagram of the two clients working together to provide multiple browser/app coverages is accurate for all features of Web Protection (Indicators, Web Threats, Content Filtering).
123
120
121
+
> [!NOTE]
122
+
> Custom Indicators of Compromise and Web Content Filtering features are currently not supported in Application Guard sessions of Microsoft Edge. These containerized browser sessions can only enforce web threat blocks via the built-in SmartScreen protection. They cannot enforce any enterprise web protection policies.
124
123
:::image type="content" source="/defender/media/web-protection-protect-browsers.png" alt-text="The usage of smartScreen and Network Protection together" lightbox="/defender/media/web-protection-protect-browsers.png":::
0 commit comments