Windows Defender Firewall is a critical security feature built into Microsoft Windows operating systems, designed to safeguard computers and networks from unauthorized access and potential threats. As a crucial component of Windows Defender, the built-in firewall acts as a protective barrier, monitoring incoming and outgoing network traffic to prevent malicious entities from infiltrating or compromising your system.
This robust firewall operates by analyzing data packets, scrutinizing their source, destination, and characteristics, and then making decisions based on predefined rules and policies. By default, Windows Defender Firewall is enabled on Windows machines and works silently in the background, shielding your device from potential cybersecurity risks.
As an Intune administrator, you want to make sure that Windows Defender Firewall is switched on and that end users cannot turn it off. You can manage Windows Defender Firewall easily using Intune.
You can also easily create custom firewall rules from the Intune admin center, for example to allow the RDP protocol from a source computer to a destination computer.
Windows Defender Firewall can be managed from multiple different places in the Microsoft Intune admin center. I have listed all of those places below, and we will also see in detail how to create a firewall policy using one of the easiest ways.
Different ways to manage Windows Defender Firewall using Intune
There are multiple places to manage Windows Defender Firewall in the Intune admin center. Please find the list of options below:
- Using Intune admin center > Endpoint Security > Firewall.
- By creating a Device configuration profile.
- By creating a Microsoft Defender for Endpoint Baseline under Endpoint Security.
It's up to you to choose the option that works best for you. However, I would go for the first option, Endpoint Security > Firewall, because it has a dedicated category for Firewall, which makes troubleshooting firewall-related issues easier.
From the Endpoint Security > Firewall page you can also use the MDM devices running Windows 10 or later with firewall off report, which lists the Intune-managed devices on which the firewall is turned off. You can then target those devices and include them in your firewall policy scope.
Also, you don't have to search for the device configuration profile you created for managing Defender Firewall: simply go to Endpoint Security > Firewall to find your firewall policy and check its current status.
Create a Windows Defender Firewall policy using Intune
We will create a firewall policy using the Microsoft Intune admin center that contains the global firewall configuration as well as the firewall configuration for the Domain, Private and Public profiles. Let's check the steps:
- Sign in to the Microsoft Intune admin center
- Click on Endpoint Security > Firewall
- Click on + Create Policy to create a new Firewall Policy
- Platform: Windows 10, Windows 11, and Windows Server
- Profile: Windows Defender Firewall
- Click on Create to create this policy
Basics Tab
Provide a Name and Description of the Policy.
- Name: Cloudinfra Windows Defender Firewall Policy
- Description: This policy will be used for managing Windows firewall on Cloudinfra MDM devices
Configuration Settings
On the Configuration settings tab, you can configure Windows Defender Firewall global settings as well as per-profile settings. Please go through each setting and configure it as per your requirements. Below are the most basic settings, which make sure that the firewall for each profile is on.
Domain Profile Settings
- Enable Domain Network Firewall: True
- Default Inbound Action for Domain Profile: Block
- Default Outbound Action: Allow
Private Profile Settings
- Enable Private Network Firewall: True
- Default Inbound Action for Private Profile: Block
- Default Outbound Action: Allow
Public Profile Settings
- Enable Public Network Firewall: True
- Default Inbound Action for Public Profile: Block
- Default Outbound Action: Allow
Auditing Settings
- Object Access Audit Filtering Platform Connection: Success + Failure
- Object Access Audit Filtering Platform Packet Drop: Success + Failure
Assignments tab
Create an Azure AD security group that contains the devices on which the Windows Defender Firewall policy will be deployed. If you want to make sure this policy applies to all devices in your organization, simply click + Add all devices on the Assignments tab and click Next to proceed.
Review + Create
On the Review + Create tab, review the firewall policy details and click Create. You can always come back to this policy and edit its configuration settings; the updated settings will then be enforced on the targeted Intune-managed devices.
Intune Policy Refresh Cycle
The device will sync / check in to start the Windows Defender Firewall policy deployment. It may take some time for the process to start, so if you are testing on a test device you can force-initiate an Intune refresh cycle on the device, which speeds up the policy configuration process. You can also use PowerShell to force-initiate the Intune refresh cycle.
You can also restart the device first, which also starts the device check-in process. A manual sync is not mandatory on users' devices, as the check-in process happens automatically, but if you are testing this setting on a test device it can speed up your testing and save some time.
End User Experience
Let's check the status of the firewall on the targeted devices. I expect that Windows Defender Firewall will be switched on and the configuration set as per the firewall policy.
How to check if Windows Defender Firewall is Switched On
You can check the Windows Defender Firewall status using the Windows Security app on a Windows 10 or Windows 11 device. Please follow the steps below to confirm its status:
- Go to Start > Search for Windows Security App.
- Click on Firewall & network protection on left hand side.
- You can find the status of the Domain, Private and Public firewall profiles.
- You can click on the link for each profile to get more information. For example: click on "Private network" to see more information about the Private network profile.
- As you can see in the screenshot below, the Private network firewall profile is switched on and it says "This setting is managed by your administrator".
Checking Windows Defender Firewall advanced settings
If you have configured Windows Defender Firewall advanced settings using the firewall policy from the Intune admin center, you can confirm that the settings are applied on the device using the steps below:
- Go to Start > Search for Windows Security App.
- Click on Firewall & network protection on left hand side.
- Click on Advanced Settings link.
Alternatively, you can press Windows Key + R to open the Run box and type wf.msc to open the Windows Defender Firewall advanced settings console.
- Click on Windows Defender Firewall Properties link.
- A pop-up will open where you can check the configuration of each firewall profile.
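The same verification, scripted. This is an added example and not part of the original post: it first triggers the Intune refresh cycle mentioned above (via the PushLaunch scheduled task that MDM enrollment creates), then checks that the per-profile settings and the two auditing subcategories from the policy are actually in effect on the device. It assumes an elevated PowerShell session on an Intune-enrolled Windows 10/11 device.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session on a
# targeted Windows 10/11 device: trigger an Intune check-in, then verify that the firewall
# settings from the post's policy are in effect.

# 1. Force an Intune sync. MDM enrollment creates a scheduled task named PushLaunch under
#    \Microsoft\Windows\EnterpriseMgmt\<enrollment GUID>\; Get-ScheduledTask finds it by name.
Get-ScheduledTask -TaskName 'PushLaunch' -ErrorAction SilentlyContinue | Start-ScheduledTask
Start-Sleep -Seconds 60   # give the device a moment to process the policy

# 2. Expected per-profile values, mirroring the policy configured in the post.
$expected = @{
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
}
$failed = $false

# ActiveStore is the effective configuration (local settings merged with GPO and MDM policy).
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    foreach ($key in $expected.Keys) {
        $actual = [string]$p.$key
        if ($actual -ne $expected[$key]) {
            Write-Warning ("{0} profile: {1} is '{2}', expected '{3}'" -f $p.Name, $key, $actual, $expected[$key])
            $failed = $true
        }
    }
}

# 3. The two auditing settings map to Object Access subcategories; 'auditpol /r' emits CSV
#    with an 'Inclusion Setting' column ("Success and Failure" when both are audited).
foreach ($sub in 'Filtering Platform Connection', 'Filtering Platform Packet Drop') {
    $row = auditpol /get /subcategory:"$sub" /r | Where-Object { $_.Trim() } | ConvertFrom-Csv
    if ($row.'Inclusion Setting' -ne 'Success and Failure') {
        Write-Warning ("Audit '{0}' is '{1}', expected 'Success and Failure'" -f $sub, $row.'Inclusion Setting')
        $failed = $true
    }
}

if ($failed) { Write-Host 'Firewall policy NOT fully applied on this device'; exit 1 }
Write-Host 'All firewall profiles and audit settings match the Intune policy'
```

A profile that still shows its local value rather than the policy value usually means the device has not checked in yet; rerun after the sync completes.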
How to manage Windows Defender Firewall using CSP (OMA-URI)
You can also manage Windows Defender Firewall using configuration service provider (CSP) settings. CSPs allow Intune to configure Windows Defender Firewall global settings, per-profile settings, custom firewall rules, etc. To learn more about the Firewall CSP settings, see the Firewall CSP documentation.
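To show what the CSP route looks like in practice, here is an added example (not from the original post) that expresses the same "firewall on, inbound Block, outbound Allow" settings as Firewall CSP OMA-URIs and creates them as an Intune custom configuration profile through Microsoft Graph. It assumes the Microsoft.Graph PowerShell module is installed and the account holds the DeviceManagementConfiguration.ReadWrite.All permission; the profile name is a placeholder.

```powershell
# Added example (not from the original post): Firewall CSP settings deployed as a
# Windows 10 custom (OMA-URI) profile via the Graph deviceConfigurations endpoint.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Firewall CSP root; each profile has EnableFirewall (bool) and the two action nodes (int).
$base = './Vendor/MSFT/Firewall/MdmStore'
$omaSettings = @()
foreach ($profile in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
    $omaSettings += @{
        '@odata.type' = '#microsoft.graph.omaSettingBoolean'
        displayName   = "$profile EnableFirewall"
        omaUri        = "$base/$profile/EnableFirewall"
        value         = $true
    }
    # DefaultInboundAction / DefaultOutboundAction: 0 = Allow, 1 = Block
    $omaSettings += @{
        '@odata.type' = '#microsoft.graph.omaSettingInteger'
        displayName   = "$profile DefaultInboundAction"
        omaUri        = "$base/$profile/DefaultInboundAction"
        value         = 1
    }
    $omaSettings += @{
        '@odata.type' = '#microsoft.graph.omaSettingInteger'
        displayName   = "$profile DefaultOutboundAction"
        omaUri        = "$base/$profile/DefaultOutboundAction"
        value         = 0
    }
}

$body = @{
    '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
    displayName   = 'Cloudinfra Firewall CSP (OMA-URI) - placeholder name'
    description   = 'Firewall on for Domain/Private/Public; inbound Block, outbound Allow'
    omaSettings   = $omaSettings
} | ConvertTo-Json -Depth 5

# The profile is created unassigned; assign it to the device group afterwards.
Invoke-MgGraphRequest -Method POST -Body $body -ContentType 'application/json' `
    -Uri 'https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations'
```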
Conclusion
In this blog post, we have seen how to manage Windows Defender Firewall using Intune. In another blog post we will see how to create custom Windows Defender Firewall rules using Intune. Protecting Windows devices from external threats is really important and a number one priority for any organization, and making sure that Windows Defender Firewall is switched on and its definitions are regularly updated is a key part of that.