diff --git a/defender-endpoint/indicator-ip-domain.md b/defender-endpoint/indicator-ip-domain.md index d60e5c9d0f..b9f3ac2f2b 100644 --- a/defender-endpoint/indicator-ip-domain.md +++ b/defender-endpoint/indicator-ip-domain.md @@ -99,6 +99,7 @@ For processes other than Microsoft Edge and Internet Explorer, web protection sc - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) - Encrypted URLs (FQDN only) can be blocked in third party browsers (that is, other than Internet Explorer, Edge) +- URLs loaded via HTTP connection coalescing, such as content loaded by modern CDN's, can only be blocked on first party browsers (Internet Explorer, Edge), unless the CDN URL itself is added to the indicator list. - Full URL path blocks can be applied for unencrypted URLs - If there are conflicting URL indicator policies, the longer path is applied. For example, the URL indicator policy `https://support.microsoft.com/office` takes precedence over the URL indicator policy `https://support.microsoft.com`. - In the case of URL indicator policy conflicts, the longer path may not be applied due to redirection. In such cases, register a non-redirected URL. @@ -195,4 +196,4 @@ The result is that categories 1-4 are all blocked. This is illustrated in the fo - [Manage indicators](indicator-manage.md) - [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md) -[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] \ No newline at end of file +[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]