To block Telegram on a desktop PC using Microsoft Defender for Cloud (formerly Azure Defender), you’ll need to take several steps that involve setting up policies, network configurations, and using Microsoft Defender for Endpoint (MDE). Below is a guide on how to approach this:
Step 1: Ensure Microsoft Defender for Endpoint is Set Up
- Microsoft Defender for Cloud should be integrated with Microsoft Defender for Endpoint (MDE) to control app usage on managed devices.
- If you haven’t yet set up MDE, follow Microsoft’s documentation to enable it across the endpoints.
Step 2: Identify the Telegram App and Traffic
Before blocking Telegram, you need to understand how it operates on your network:
- Telegram desktop app primarily uses TCP and UDP traffic through ports like 443 (HTTPS).
- Telegram servers may use dynamic IP ranges, so blocking only specific IPs won’t be fully effective.
Step 3: Create a Custom Indicator in Defender for Endpoint
Custom Indicators allow you to block specific applications or network traffic. Here’s how:
- Go to Microsoft Defender for Endpoint:
- Open the Microsoft 365 Defender portal: https://security.microsoft.com
- Navigate to Settings > Endpoints > Indicators > URL/IP.
- Create a New URL or IP Indicator:
- Add Telegram-related IP addresses, domains, or URLs that the app uses (like
web.telegram.org
, or its CDN URLs). - Set the indicator to “Block” for these domains or IPs.
- Add Telegram-related IP addresses, domains, or URLs that the app uses (like
Step 4: Block Application via Firewall (Optional)
You can further enhance the block by restricting the Telegram app through network firewall rules.
- Go to Microsoft Endpoint Manager (Intune) or configure your local firewall using Group Policy or any endpoint firewall solution.
Example via Windows Firewall (Group Policy):
- Open Group Policy Management.
- Navigate to Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall > Inbound Rules.
- Create a new Rule and select the Telegram executable (Telegram.exe).
- Set the rule to Block both Inbound and Outbound connections for Telegram.
Step 5: Monitor and Test the Block
- After implementing the block, monitor your Microsoft Defender for Endpoint dashboard for any attempts to access Telegram.
- You can use the Threat and Vulnerability Management feature to check if Telegram is still installed on any device.
Conclusion
By integrating Microsoft Defender for Endpoint with custom indicators and using Windows Firewall rules, you can successfully block Telegram on desktop PCs across your Azure-managed environment. Always ensure that your network and app policies align with the latest security recommendations.