Tutorial GPO - Block malicious site access on Microsoft Edge

On the domain controller, download the latest version of the Microsoft Edge template.

Double-click the CAB file named MICROSOFTEDGEPOLICYTEMPLATES.

Extract the ZIP file named MICROSOFTEDGEPOLICYTEMPLATES.

In our example, all files were placed on the root of a directory named DOWNLOADS.

Access the directory named WINDOWS and copy the ADMX files to the Policy definitions directory.

Copy to Clipboard

Access the correct language subdirectory.

Copy the ADML files to the correct language directory inside the Policy definitions.

Copy to Clipboard

On the domain controller, open the group policy management tool.

Create a new group policy.

Enter a name for the new group policy.

In our example, the new GPO was named: MY-GPO.

On the Group Policy Management screen, expand the folder named Group Policy Objects.

Right-click your new Group Policy Object and select the Edit option.

On the group policy editor screen, expand the User configuration folder and locate the following item.

Copy to Clipboard

Access the folder named SmartScreen settings.

Enable the item named Prevent bypassing Microsoft Defender SmartScreen prompts for sites.

To save the group policy configuration, you need to close the Group Policy editor.

Congratulations! You have finished the GPO creation.

Microsoft Edge GPO - Blocking malicious site access

On the Group policy management screen, you need to right-click the Organizational Unit desired and select the option to link an existent GPO.

In our example, we are going to link the group policy named MY-GPO to the root of the domain.

After applying the GPO you need to wait for 10 or 20 minutes.

During this time the GPO will be replicated to other domain controllers.

If a malicious website is detected, The SmartScreen feature will show the following page.

This GPO setting lets you decide whether users can override the Microsoft Defender SmartScreen warnings about potentially malicious websites.