Which URLs are blocked by Microsoft Defender for Endpoint?

Written by John Gruber Published on Last Updated on

Your organization has a Microsoft Defender for Endpoint deployment with custom network indicators turned on.

The table below shows two Windows 10 computers that are protected by Microsoft Defender for Endpoint.

Table showing Computer names and tags

Computer1 has a tag of Kiosk1
Computer2 has a tag of Tag1

The following table shows the machine groups in Microsoft Defender for Endpoint.

Machine groups showing name and rules

Group1 has a rank of 1 and a membership rule of Tag contains a 1
Group2 has a rank of 2 and a membership rule of Name ends with 2 and a tag that equals Tag1

In the following table, you can see the URLs/Domains indicators created from the Microsoft Defender admin center

URLS and domains blocked by Defender for Endpoint

http://www.gitbit.org has a scope of Group1 and is set to alert and block
http://microsoft.com has a scope of Group2 and is set to alert and block
http://microsoft.com/public has a scope of all machines and is set to allow.

For each of the following statements, click yes if the statement is true. If the statement is false click No.

From a web browser on Computer2, you can open http://microsoft.com

From a web browser on Computer1, you can open http://www.gitbit.org

From a web browser on Computer1, you can open http://microsoft.com/public

Click to show answer

Computer1 has a tag of Kiosk1 which makes Computer1 part of Group1. Group1 is blocked from accessing http://www.gitbit.org

All machines are allowed to access http://litwareinc.com/public so Computer1 can access http://microsoft.com/public.

Computer2's name ends with 2 and has a tag of tag1 so computer2 is part of Group2. Group2 is blocked from accessing http://microsoft.com

https://www.gitbit.org/course/ms-500/learn/Protecting-Windows-10-and-other-devices-with-Microsoft-Defender-for-Endpoint-z0qPG6v4T

< Previous Next > Skip Exam >>

AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.