Elevating Security with Microsoft Defender for Cloud Apps and Microsoft Defender for Endpoint

Microsoft Defender for Cloud Apps and Microsoft Defender for Endpoint are pivotal in creating a cohesive security strategy for organizations navigating the complexities of digital threats. These integrated solutions emphasize a multi-layered defense, combining advanced threat detection, data security, and device management to fortify your digital infrastructure. The synergy between them enhances your security posture by leveraging their combined capabilities to provide comprehensive protection across your organization’s digital landscape. This guide will explore the integrated benefits of these solutions, including their licensing requirements, necessary network configurations, and a step-by-step approach to implementation, with a focus on how to effectively restrict access to specific websites.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes, including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your cloud services.

Licensing Requirements:

  • Microsoft Defender for Cloud Apps is available as part of Microsoft 365 E5, Office 365 E5, or as a standalone service.
  • For enhanced functionality, such as automated threat response, an E5 license is recommended.

Necessary Ports:

  • HTTPS (443) for secure communication with cloud services.
  • Depending on your configuration, additional ports might be required for integration with on-premises infrastructure.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It leverages big data, machine learning, and automation to offer protection, detection, investigation, and response capabilities across the digital estate.

Licensing Requirements:

  • Available as part of Microsoft 365 E5 or Windows 10 Enterprise E5.
  • Requires Windows 10, Windows 11, or the respective supported OS for endpoints.

Necessary Ports:

  • HTTPS (443) for communication with the Defender for Endpoint cloud service.
  • Additional ports may be required for communication with other Microsoft services or on-premises servers.

Integration Guide: Microsoft Defender for Cloud Apps and Defender for Endpoint

Step 1: Enable Defender for Endpoint Integration in Defender for Cloud Apps

  • Navigate to the Defender portal: https://security.microsoft.com
  • Go to Settings > Cloud Apps > Microsoft Defender for Endpoint.

  • Select “Microsoft Defender for Endpoint Integration”.

Step 2: Configure Data Sharing

  • In the Defender portal, go to Settings > Advanced features.
  • Turn on the “Microsoft Defender for Cloud Apps” option.

Blocking Specific Websites

Using Defender for Cloud Apps and Defender for Endpoint, you can block specific websites and web categories across your organization. To get started, we need to enable the web content filtering functionality.

Navigate to Microsoft Defender Portal > Settings > Endpoints > Advanced features. Enable “Web content filtering”.

Now that web content filtering is enabled, navigate to Settings > Rules > Web content filtering.

Select “+ Add Policy” to create a new policy aimed at blocking specific websites. For this example, we’ll focus on prohibiting access to gambling-related content.

  • From the Categories list, select “Gambling”, then “Next”.

  • If you’ve specified any machine groups, choose the relevant one; otherwise, select “All” and proceed by clicking “Next.”

  • Review the settings selected for the new policy, then select “Submit”.

  • The new policy will be listed in the portal.

Now that the policy has been created, try to access a gambling website to confirm that it is blocked.

Defender for Endpoint:

Using Defender for Endpoint, you can also block additional websites and URLs by following the steps below.

  1. In the Microsoft Defender portal, navigate to Settings > Rules > Indicators.

  2. Add URLs or domains you wish to block under the URL/Domains section.

Let's test by adding the following URL: www.goxhosa.com, and verify that it gets blocked.

  3. Configure the action to “Block” and specify the conditions under which the block applies.

After the rule has been created, you have the option to generate an alert for this website as well. If that is not needed, select “Next”, then “Next” again, and then “Submit”.

After a few minutes, test the website https://www.goxhosa.co.za; you will be presented with a block screen.
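The indicator steps above can also be prepared as data before anything is submitted. The following is an added example, not part of the original guide: it builds the block-indicator payload using the field names of the Defender for Endpoint indicators API and checks whether the URL you plan to test is actually on your list. The title and description text, the exact-host comparison, and the scheme stripping are assumptions of this sketch, and nothing is sent to any service.

```python
import json
from urllib.parse import urlsplit

# Field names follow the Defender for Endpoint indicators API request body.
# Title/description text is constructed for illustration.

def _split(value):
    """Return (host, path) for a bare domain or a full URL; host is lower-cased."""
    parts = urlsplit(value if "://" in value else "//" + value)
    host = (parts.hostname or "").rstrip(".")
    if not host or "." not in host:
        raise ValueError(f"not a usable domain or URL: {value!r}")
    return host, parts.path.rstrip("/")

def build_indicator(value, generate_alert=False):
    """Build one block indicator; a path makes it a Url, otherwise a DomainName."""
    host, path = _split(value)
    return {
        # Assumption: the scheme is dropped and only host + path are kept.
        "indicatorValue": host + path,
        "indicatorType": "Url" if path else "DomainName",
        "action": "Block",
        "title": f"Block {host}",
        "description": "Blocked by policy (constructed example text)",
        "generateAlert": generate_alert,
    }

def covers(indicators, test_url):
    """Conservative pre-flight check (not Defender's matching logic):
    is the host being tested exactly one of the hosts on the list?"""
    host, _ = _split(test_url)
    return any(_split(i["indicatorValue"])[0] == host for i in indicators)

if __name__ == "__main__":
    # The domain added in step 2 and the URL used for the test in this guide.
    indicators = [build_indicator("www.goxhosa.com")]
    print(json.dumps(indicators, indent=2))
    for url in ("https://www.goxhosa.com/", "https://www.goxhosa.co.za"):
        state = "covered" if covers(indicators, url) else "NOT covered by any indicator"
        print(f"{url}: {state}")
```

Running the check before testing in a browser shows whether the host you browse to matches an entry you created, which separates a list mistake from a policy that has not yet propagated.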

Conclusion

Integrating Microsoft Defender for Cloud Apps and Defender for Endpoint offers a formidable defense mechanism against a wide array of cyber threats. By following the detailed guide above, organizations can ensure a seamless integration process, leveraging these powerful tools to safeguard their digital environments. The ability to block specific websites further enhances control over network traffic, ensuring compliance and reducing exposure to potential threats. Through strategic implementation and configuration, these Microsoft Defender solutions empower organizations to achieve a robust, adaptive security posture in today’s complex cybersecurity landscape.
