Manage Web Proxy for Secure Enclave

The Web Proxy feature empowers administrators to exert precise control over the specific URLs or IP addresses that can be accessed in browsers running in the Secure Enclave on Windows devices. With this feature, administrators can choose to block specific URLs or IP addresses, or even block all web traffic completely, while utilizing the allow list to provide granular access. This article will guide you through the steps to effectively manage the "Web Proxy" policy.

Accessing the Web Proxy Policy

To access the "Web Proxy" policy:

  1. Sign in to the administrative interface of your organization.
  2. Using the left-side navigation menu, click on Policy Admin.
  3. From the submenu, select Web Policy.
  4. If you also have DNS filtering, you will see two tabs at the top of the screen labeled "DNS" and "Web Proxy." Click on Web Proxy.

    Annotation on 2023-08-07 at 10-35-20.png

Adding a Policy

To add a new policy:

  1. In the top-left corner of the Web Proxy policy screen, click on Add.

    Annotation on 2023-08-07 at 10-39-02.png

  2. Select the user or group to which the policy will apply from the pop-up that appears.

    selectgu.png

  3. Click on Add once the selection is made.

    addpol.png

  4. The policy editor will be displayed immediately.

Modifying the Allowed/Blocked Lists

Administrators can import a text file containing domains, URLs, and IP addresses. Additionally, they can manually input or copy/paste addresses into the text box on the Allowed or Blocked tabs.

Importing a File

Administrators can import a text file with domains, URLs, and IP addresses, with each address placed on a separate line. Please ensure that the addresses follow the formatting rules provided:

domain.com = Allows access to only the second level domain
.domain.com = Allows access to all subdomains and excludes the second level domain

To import a file:

  1. On the Allowed or Blocked tabs, click the Import button in the top-right corner of the editor

    Annotation on 2023-08-07 at 17-02-10.png

  2. Select the desired file and click Open.
  3. The file will be imported into the text box, and the addresses will be highlighted in bold lettering.
  4. Click on Apply to implement the rules.

Adding and Removing Destinations

To add a destination:

  1. Click into the text box and on a new line type the address.
  2. Click Apply in the lower right hand corner of the window

To remove a destination:

  1. Click into the text back and delete the target destination
  2. Click Apply in the lower right hand corner of the window

Blocking All Traffic

Administrators can block all web traffic and utilize the allow list for granular access control. To block all traffic:

  1. On the Allowed tab, toggle the switch labeled Only allow access to sites in the allowed list.

    Annotation on 2023-08-07 at 17-04-57.png

  2. Make sure to specify the addresses authorized for access in the allowed list.
  3. Click on Apply.

Any items in the blocked list will not be removed and will be available should you decide to allow traffic again.

Logs

The Logs tab provides granular details about the sites visited, the actions taken by the proxy, and the users who accessed or attempted to access a site.

To access logs: 

  1. Click Manage next to the desired policy from the Web proxy tab.
  2. From the left navigation click Logs.

    Annotation on 2023-08-07 at 17-14-35.png

Log filtering allows you to separate traffic by:

  • Date
  • User
  • Process type
    • Browser: Only shows traffic emanating from browsers running in Secure Enclave
    • Other: Shows traffic emanating from apps or other processes running in Secure Enclave
  • Action
    • Allow
    • Deny

Was this article helpful?