Hello there,
It's important to understand the following prerequisites prior to creating indicators for IPS, URLs, or domains
URL/IP allow and block requires that the Microsoft Defender for Endpoint component Network Protection is enabled in block mode.
Create an indicator for IPs, URLs, or domains from the settings page
In the navigation pane, select Settings > Endpoints > Indicators (under Rules).
Select the IP addresses or URLs/Domains tab.
Select Add item.
Specify the following details:
Indicator - Specify the entity details and define the expiration of the indicator.
Action - Specify the action to be taken and provide a description.
Scope - Define the scope of the machine group.
Review the details in the Summary tab, then select Save.
Note
There may be up to 2 hours of latency between the time a policy is created and the URL or IP being blocked on the device.
Please check the link bellow.
And see if it helps,
Thank you
--If the reply is helpful, please Upvote and Accept as answer--