If your organization uses Microsoft Defender for Endpoint with Web Content Filtering, you may experience a red screen saying "This content is blocked" when attempting to load our simulated phishing websites.
The reason this red screen appears is due to the category Microsoft has marked these domains under. To allowlist CanIPhish phishing websites, please follow the below guide.
Allowlisting CanIPhish Websites
It's possible to override the blocked category in web content filtering to allow a single site by creating a custom indicator policy. The custom indicator policy will supersede the web content filtering policy when it's applied to the device group in question.
To define a custom indicator, follow these steps:
- In the Microsoft 365 Defender portal, go to Settings > Endpoints > Indicators > URL/Domain > Add Item. (Or click here - https://security.microsoft.com/securitysettings/endpoints/custom_ti_indicators?childviewid=url)
- Enter the CanIPhish phishing domains:
- authwebmail.com
- cmail31.com
- securesupportcloud.com
- webnotifications.net
- alerting-services.com
-
Set the policy action to Allow and click Save.
All done! Wait up to 1-2 hours for this policy to sync to all endpoints in your organization and then you'll be good to go.
Comments
0 comments
Please sign in to leave a comment.