How to manage Windows Defender firewall using Intune

In my previous blog post, I detailed the process of creating custom Windows Defender firewall rules with Intune. In today’s post, we’ll delve into the management of the Windows Defender firewall using Intune. As an Intune Administrator, your goal is to ensure that the Windows Defender firewall remains enabled, and end users are unable to disable it.

There are various locations within the Intune admin center where you can configure Windows Defender Firewall settings. Let’s take a closer look at these options.

Ways to manage Windows Defender Firewall

There are three places in Intune from which you can manage Windows Defender Firewall:

  1. Using Intune admin center > Endpoint Security > Firewall.
  2. By creating a Device configuration profile.
  3. By creating Microsoft Defender for Endpoint Baseline under Endpoint Security.

Devices with Windows Defender Firewall switched Off

You can find all devices where the Windows Defender firewall is switched Off from Intune admin center > Endpoint Security > Firewall. Click on “MDM devices running Windows 10 or later with firewall off“.


How to create a Windows Defender firewall policy using Intune

To create a Windows Defender firewall policy, follow the below steps:

  • Sign in to the Microsoft Intune admin center
  • Click on Endpoint Security > Firewall
  • Click on + Create Policy to create a new Firewall policy
  • Platform: Windows 10, Windows 11, and Windows Server
  • Profile: Windows Defender Firewall
  • Click on Create to open the policy wizard

Basics Tab

Provide a Name and Description of the Policy.

Configuration Settings

Global settings, which apply to all profiles, are at the top of the list. Below them, configure the Domain, Private, and Public profiles as per your requirement. The settings below are the minimum I have configured: the firewall enabled on every profile, inbound connections blocked unless a rule allows them, and outbound connections allowed by default.

Domain Profile Settings

  • Enable Domain Network Firewall: True
  • Default Inbound Action for Domain Profile: Block
  • Default Outbound Action: Allow

Private Profile Settings

  • Enable Private Network Firewall: True
  • Default Inbound Action for Private Profile: Block
  • Default Outbound Action: Allow

Public Profile Settings

  • Enable Public Network Firewall: True
  • Default Inbound Action for Public Profile: Block
  • Default Outbound Action: Allow

Auditing Settings

  • Object Access Audit Filtering Platform Connection: Success + Failure
  • Object Access Audit Filtering Platform Packet Drop: Success + Failure

These two subcategories write Windows Filtering Platform events to the Security log (5156/5157 for permitted and blocked connections, 5152/5153 for dropped packets). Packet Drop auditing in particular is very noisy on a busy device, so make sure your log size and collection pipeline can absorb it before enabling it fleet-wide.

Assignments tab

Create an Azure AD group containing your Windows 10/11 devices and assign the policy to it. You can also click Add all devices to apply the policy to every Intune-managed device, but note that this platform type also covers Windows Server, so confirm that a default inbound Block is acceptable for any servers in scope before assigning it that broadly.

Review + Create

Review the policy and click on Create.


End-user Experience

Let’s check and confirm policy deployment on one of the target devices.

  • Go to Start and search for the Windows Security app.
  • Click on Firewall & network protection on the left-hand side.
  • The page shows the status of the Domain, Private, and Public firewall profiles.
  • Click on a profile link for more information. For example, click on "Private network" to see the details of the Private network profile.
  • As you can see in the below screenshot, the Private network firewall profile is switched on and the setting is managed by Intune, so the end user cannot turn it off.

Verify Windows Defender firewall using advanced settings

To verify the Windows Defender Firewall status using its advanced settings, follow the steps below:

  • Press Windows + R to open the Run dialog box.
  • Type wf.msc and press Enter.
  • Click on Windows Defender Firewall Properties in the right-hand pane.
  • A pop-up opens with a tab per firewall profile where you can check the Firewall state and the Inbound and Outbound default actions.
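Clicking through the Windows Security app or wf.msc works for one device, but it does not scale. The script below is an added example (not from the original post) that checks the same things from PowerShell: the effective state of every firewall profile against the values configured in the policy above, and the two audit subcategories. It reads the ActiveStore, which is the merged result of local, GPO and MDM policy, so it reports what is actually enforced. It assumes an English-language OS (auditpol subcategory names are localized) and an elevated session; the exit codes make it usable as the detection script of an Intune compliance or remediation package.

```powershell
# Added example, not part of the original post.
# Verifies that the firewall policy deployed by Intune is actually in effect.
# Exit 0 = compliant, exit 1 = one or more findings (printed to stdout).

# Expected values, matching the Domain/Private/Public settings in the policy
$expected = @{
    Enabled               = $true
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
}

$findings = @()

# ActiveStore = settings currently enforced (local + GPO + MDM merged)
foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    foreach ($setting in $expected.Keys) {
        $actual = [string]$fwProfile.$setting
        if ($actual -ne [string]$expected[$setting]) {
            $findings += "$($fwProfile.Name) profile: $setting is '$actual', expected '$($expected[$setting])'"
        }
    }
}

# Audit subcategories set to Success + Failure in the policy.
# Assumes English subcategory names; auditpol /r emits CSV with an
# 'Inclusion Setting' column such as 'Success and Failure'.
foreach ($subcategory in 'Filtering Platform Connection', 'Filtering Platform Packet Drop') {
    $row = auditpol /get /subcategory:"$subcategory" /r |
        Where-Object { $_ -match ',' } |
        ConvertFrom-Csv |
        Select-Object -First 1
    if ($row.'Inclusion Setting' -ne 'Success and Failure') {
        $findings += "Audit '$subcategory' is '$($row.'Inclusion Setting')', expected 'Success and Failure'"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Compliant: firewall enabled on all profiles with expected defaults and auditing'
    exit 0
}

$findings | ForEach-Object { Write-Output "Non-compliant: $_" }
exit 1
```

A user who manages to flip a profile off locally (for example by editing the PersistentStore with an elevated prompt) would show up here as a finding even though the Intune policy itself has not changed, which is exactly the gap an admin wants to see.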

Manage Windows Defender Firewall using OMA-URI

You can also manage Windows Defender Firewall with OMA-URI settings in a custom device configuration profile. The settings map to the Firewall CSP; to know more about the available nodes, click on the link Firewall CSP. Do not deploy the same setting both through an Endpoint Security firewall policy and through an OMA-URI profile with different values, as Intune will report a conflict and the device ends up with whichever policy wins. If you want to create a specific custom Windows Defender Firewall rule, refer to the post: How to create Windows Defender firewall rules using Intune.
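As an added example (not from the original post), the script below creates the same policy described in the Configuration Settings section, but as a custom OMA-URI profile through Microsoft Graph rather than through the admin center. It uses the Firewall CSP nodes under ./Vendor/MSFT/Firewall/MdmStore/<Profile>/ for the three profiles and the Audit area of the Policy CSP for the two Filtering Platform subcategories. It assumes the Microsoft.Graph.Authentication module is installed and that the signed-in account holds DeviceManagementConfiguration.ReadWrite.All; the profile name and description are my own choices.

```powershell
# Added example, not part of the original post.
# Creates a Windows 10/11 custom (OMA-URI) configuration profile that
# enforces the firewall on all profiles and assigns it to all devices.
# Requires: Microsoft.Graph.Authentication module,
#           DeviceManagementConfiguration.ReadWrite.All.

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All' -NoWelcome

# Firewall CSP: DefaultInboundAction / DefaultOutboundAction take 0 = Allow, 1 = Block
$omaSettings = foreach ($fwProfile in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
    $base = "./Vendor/MSFT/Firewall/MdmStore/$fwProfile"
    @{
        '@odata.type' = '#microsoft.graph.omaSettingBoolean'
        displayName   = "$fwProfile EnableFirewall"
        omaUri        = "$base/EnableFirewall"
        value         = $true
    }
    @{
        '@odata.type' = '#microsoft.graph.omaSettingInteger'
        displayName   = "$fwProfile DefaultInboundAction (Block)"
        omaUri        = "$base/DefaultInboundAction"
        value         = 1
    }
    @{
        '@odata.type' = '#microsoft.graph.omaSettingInteger'
        displayName   = "$fwProfile DefaultOutboundAction (Allow)"
        omaUri        = "$base/DefaultOutboundAction"
        value         = 0
    }
}

# Policy CSP, Audit area: 0 = Off, 1 = Success, 2 = Failure, 3 = Success + Failure
$auditBase = './Device/Vendor/MSFT/Policy/Config/Audit'
$omaSettings += @{
    '@odata.type' = '#microsoft.graph.omaSettingInteger'
    displayName   = 'Audit Filtering Platform Connection (Success + Failure)'
    omaUri        = "$auditBase/ObjectAccess_AuditFilteringPlatformConnection"
    value         = 3
}
$omaSettings += @{
    '@odata.type' = '#microsoft.graph.omaSettingInteger'
    displayName   = 'Audit Filtering Platform Packet Drop (Success + Failure)'
    omaUri        = "$auditBase/ObjectAccess_AuditFilteringPlatformPacketDrop"
    value         = 3
}

$body = @{
    '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
    displayName   = 'Windows Defender Firewall - enforce on (OMA-URI)'   # assumed name
    description   = 'Firewall on for all profiles; inbound Block, outbound Allow; WFP auditing'
    omaSettings   = @($omaSettings)
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations' `
    -Body ($body | ConvertTo-Json -Depth 5) -ContentType 'application/json'

Write-Output "Created profile $($created.displayName) with id $($created.id)"

# Assign to all devices (equivalent to "Add all devices" in the admin center).
# Swap the target for a groupAssignmentTarget with a groupId to scope it to a pilot group.
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 5) -ContentType 'application/json'
```

Because the OMA-URI profile and the Endpoint Security firewall policy write to the same MDM store on the device, pick one mechanism per setting; scripting it this way is mainly useful when you want the policy in source control or need to stamp it out across several tenants.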
