Let’s look at Microsoft’s cloud-proxy-like solution and explore its implementation, features, and user experience. MDE web filtering is a powerful tool that allows organizations to implement a cloud-based proxy solution.
Entra Global Secure Access is another modern identity-centric proxy and web filtering solution that Microsoft is working on. You can use filtering rules the same way as on web proxy servers, and this solution can be used for macOS and Linux devices as well. It is very easy to implement because the basic Microsoft cloud proxy solution is a cloud service.
Implementing the Microsoft Cloud proxy is a straightforward process. You can configure it by following a few simple steps. It is a cloud-based service; you don’t need to worry about setting up additional hardware or software components in your data center.
Web content filtering is part of the Web protection capabilities of MDE and MDB offerings. There are regulatory reasons to filter the content within the organization’s network. There is no need to use very costly Cloud Proxy solutions when you have an MDE feature for the same.
What are the Prerequisites to Enable the Cloud Proxy?
Several prerequisites must be met to enable the Cloud Proxy functionality in Microsoft Defender for Endpoint. These include the following.
1. The Antimalware client version must be 4.18.1906.x or later.
2. Licensing requirements for Microsoft Defender for Endpoint Plan 1 or Plan 2
3. The Microsoft Defender Network Protection policy must be enabled on the client side using an Intune policy.
4. Web content filtering must be enabled from Settings – Endpoints.
What is Microsoft Cloud Proxy?
This is the Web content filtering option. Web content filtering is part of the Web protection capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Business.
1. Web content filtering enables your organization to track and regulate website access based on content categories.
2. Many of these websites (even if they’re not malicious) might be problematic because of compliance regulations, bandwidth usage, or other concerns.
3. Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera).
What are MDE Custom Indicators?
In scenarios where standard web filtering categories fail to effectively block specific websites, such as chat platforms like ChatGPT, Microsoft Defender for Endpoint offers a solution through custom indicators. Our previous video gave a detailed explanation of how to block ChatGPT using Microsoft Defender for Endpoint.
1. Consider the case where you have a web content filtering categorization for a particular site that is not correct.
2. You have web content filtering set to block all AI-based chatbots and plugins, such as ChatGPT, but it’s not working as expected.
3. In general terms, an Indicator of Compromise (IoC) indicates that a computer or network intrusion has occurred.
4. In Defender for Endpoint, indicators are called Indicators of Compromise (IoCs) and, less often, custom indicators.
5. Organizations can create custom indicators that help to define the detection, prevention, and exclusion of URLs/Domains.
6. You can define indicators with specific actions for entities, such as File hashes, IP addresses, URLs/domains, and certificates.
What are the Limitations and Tips?
You need to be aware of a 2-hour propagation delay before the policies take effect on Windows devices and all the other supported device platforms.
1. macOS and Linux support is via Network Protection components
2. Indicators – Warn and Block work only with Windows devices
3. The maximum number of Indicators that you can create is 15000
Microsoft Cloud Proxy Solution? – Video
In this video, we have explored the functionality and benefits of the Microsoft cloud proxy, which Microsoft Defender for Endpoint essentially provides. Microsoft Defender for Endpoint offers a comprehensive solution with a cloud proxy-like feature for its customers.
The cloud proxy capability provided by Microsoft Defender for Endpoint enables organizations to enhance their network security and control without requiring an additional license.
Microsoft Cloud Proxy Solution?
Let’s log into the Microsoft 365 Defender portal and navigate to the Settings section to configure the Microsoft cloud proxy rules. We will specifically focus on the Endpoints settings to customize and manage the proxy settings.
Within the Microsoft Defender for Endpoint interface, you will come across a section called “Rules,” which shows a set of configurations and settings options, including the essential component of “Web content filtering.” This feature allows you to manage and control the filtering of web content based on your organization’s requirements and security policies.
- Click the Add Policy option from Web Content Filtering.
We will create a global policy to block all the content by default for all devices. Global policy creation includes 4 steps. The 1st step is General; in this section, you should specify the policy name. Here we are using the policy name Block All.
Blocked Categories is the second step in global policy creation. In the blocked categories section, there are different types of categories. These are available by default in Microsoft Defender, similar to all the other cloud proxy solutions.
Select the web content categories to block. You will continue to get data about access attempts to websites in all categories. Click Next once you have selected all the blocked categories recommended by Microsoft Defender for Endpoint.
Scope is the 3rd step of global policy creation. Here you apply the policy to a machine group scope by selecting the devices. This policy is deployed to all the Defender-managed devices. This is a global scope, and if you want to exclude some devices from some categories.
In the final stage of global policy creation within Microsoft Defender for Endpoint, you will find a section that provides a comprehensive overview of all the details associated with the policy. This summary gives you a clear view of the policy settings and configurations before finalizing and applying the policy.
- Select Submit from the below window.
Refreshing the web page shows the latest policy. The window below shows the “Block All” policy along with its blocked categories, scope, creator, last modified date, etc. If you click on that policy, you will be able to see all the details: which categories are blocked, when the policy was created, the scope of the policy, etc.

| Policy Name | Blocked Categories | Scope | Created by | Last Modified |
|---|---|---|---|---|
| Shows the name of the policy | Shows all categories | All machines | Shows the name of the creator | Shows the last modified date |
One more thing we need to do is enable web content filtering. Go to Settings and select Advanced features. By default, Web content filtering is off.
- Enable Web content filtering by sliding the toggle to the right side.
Results from Client Side
You can run a PowerShell command to confirm whether network protection is enabled on a particular device; without it, the web filtering rules will not work. The window below shows that network protection is enabled, with a value of 1.
PowerShell Command Get-MpPreference
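The client-side check described above can be scripted. This is an added example, not part of the original article: it compares the antimalware client version against the 4.18.1906.x prerequisite, reads the network protection mode, and counts recent network protection events in the Defender operational log. The function name Test-WebFilteringPrereq and its parameters are hypothetical, and an elevated session is assumed for reading the event log.

```powershell
# Added example (not from the original article): client-side prerequisite check
# for MDE web content filtering. Function and parameter names are hypothetical.
function Test-WebFilteringPrereq {
    [CmdletBinding()]
    param(
        # Assumption: "4.18.1906.x or later" is read as >= 4.18.1906.0
        [version]$MinimumClientVersion = '4.18.1906.0',
        # Assumption: how far back to look for network protection events
        [int]$LookbackHours = 24
    )

    $status = Get-MpComputerStatus   # AMProductVersion = antimalware client version
    $pref   = Get-MpPreference       # EnableNetworkProtection = network protection mode

    # 0 = Disabled, 1 = Enabled (block mode), 2 = Audit (logs only, does not block)
    $npMode = switch ([int]$pref.EnableNetworkProtection) {
        0       { 'Disabled' }
        1       { 'Enabled' }
        2       { 'Audit' }
        default { 'Unknown' }
    }

    # Event 1126 = network protection block, 1125 = audit-mode hit
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1125, 1126
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $clientVersion = [version]$status.AMProductVersion
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ClientVersion     = $clientVersion
        ClientVersionOk   = $clientVersion -ge $MinimumClientVersion
        NetworkProtection = $npMode
        WillBlock         = ($npMode -eq 'Enabled')
        BlockEvents       = @($events | Where-Object Id -eq 1126).Count
        AuditEvents       = @($events | Where-Object Id -eq 1125).Count
    }
}

Test-WebFilteringPrereq | Format-List
```

A device reporting Audit only logs access attempts, so web content filtering blocks are not enforced there until the value is 1.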
After enabling the policy, once you try to open chat.openai.com, you will get the message, “Your organization blocks this website. Contact your administrator for more information.”
After launching Google Chrome, we attempted to access the ChatGPT platform. However, an error message stated, “Access to chat.openai.com was denied. You don’t have authentication to view this page.” This message indicates that I lack the authorization or credentials to access the chat.openai.com website.
Let’s check the reporting section. Select the Reports tab in the Microsoft 365 Defender portal, then select Web protection under Endpoints. The report window below shows web threat detections over time. You can also see some color codes in the reports. Click the Details option in the Reports window.
After clicking the Details option in Reports, the window below appears and shows details such as domain, access count, blocks, access trend, threat category, and machines. Click the domain to get the URL details.

| Domain | Access count | Blocks | Access trend | Threat Category | Machines |
|---|---|---|---|---|---|
| Chat.openai.com | 1 | 1 | No change | Custom indicator | 1 |
The first window below shows the error message “This site can not provide a secure connection.” Your IT admin blocks this content. In the 2nd window, in the Edge browser, it says the content is blocked for your protection. Your organization does not allow you to access resources or content that are not permitted.
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.