Manage Windows Defender Firewall using Intune

In my previous blog post, I detailed creating custom Windows Defender firewall rules with Intune. This post will delve into managing the Windows Defender firewall using Intune. As an Intune Administrator, you aim to ensure that the Windows Defender firewall remains enabled and that end users cannot disable it.

There are various locations within the Intune admin center where you can configure Windows Defender Firewall settings. Let’s take a closer look at these options.

Ways to manage Windows Defender Firewall

There are several ways to manage Windows Defender Firewall from Intune:

  1. Using Intune admin center > Endpoint Security > Firewall.
  2. By creating a Device configuration profile.
  3. By creating Microsoft Defender for Endpoint Baseline under Endpoint Security.

Devices with Windows Defender Firewall Switched Off

You can find all devices where the Windows Defender firewall is switched Off from Intune admin center > Endpoint Security > Firewall. Click on MDM devices running Windows 10 or later with firewall off.

Devices with Windows Defender Firewall switched Off

How to create a Windows Defender firewall policy using Intune

To create a Windows Defender firewall policy, follow the below steps:

  • Sign in to the Intune admin center.
  • Click on Endpoint Security > Firewall.
  • Click on + Create Policy to create a new Firewall Policy.
  • Platform: Windows 10, Windows 11, and Windows Server.
  • Profile: Windows Firewall.
  • Click on Create to create this policy.
Create a Windows Firewall Profile on Intune

Basics Tab

Provide a Name and Description of the Policy.

Configuration Settings

You can configure the Global settings for the firewall, which are at the top of the list. Then, configure the Domain, Private, and Public profiles as per your requirement. For example, below are the most basic firewall settings I have configured.

Domain Profile Settings

  • Enable Domain Network Firewall: True
  • Default Inbound Action for Domain Profile: Block
  • Default Outbound Action: Allow

Private Profile Settings

  • Enable Private Network Firewall: True
  • Default Inbound Action for Private Profile: Block
  • Default Outbound Action: Allow

Public Profile Settings

  • Enable Public Network Firewall: True
  • Default Inbound Action for Public Profile: Block
  • Default Outbound Action: Allow

Auditing Settings

  • Object Access Audit Filtering Platform Connection: Success + Failure
  • Object Access Audit Filtering Platform Packet Drop: Success + Failure

Scope tags

Click Next.

Assignments tab

Click Add groups and select the Entra security group containing Windows 10/11 test devices. Once testing proves successful, you can expand the deployment by including additional devices in the group.

Review + Create

Review the policy and click on Create.

How to create a Windows Defender firewall policy using Intune

End-User Experience

Let’s check and confirm policy deployment on one of the target devices.

  • Go to Start > Search for Windows Security App.
  • Click on Firewall & network protection on the left-hand side.
  • You can find the Domain, Private, and Public firewall status.
  • You can click on the link for each profile to get more information. For example, click Private network and check for more information about the private network profile.
  • As you can see in the screenshot below, the Private network Firewall profile is switched on and managed by Intune.
End-user Experience

Verify Windows Defender Firewall using Advanced Settings

To verify Windows Defender Firewall status using its advanced settings, follow the below steps:

  • Press Windows + R to open the Run dialog box.
  • Type wf.msc and press Enter.
  • Click on Windows Defender Firewall Properties.
  • A pop-up will open where you can check the configuration of each Firewall Profile.
Verify Windows Defender firewall using advanced settings
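If you would rather verify the rollout from a script than by clicking through wf.msc, the following PowerShell (an added example, not part of the original post) reads the effective firewall profile settings on a target device and compares them with the Domain, Private and Public values and the two auditing settings configured above. It uses the built-in NetSecurity cmdlets and auditpol, and must run in an elevated prompt.

```powershell
# Expected values mirror the policy configured in the post (constructed here).
$Expected = [ordered]@{
    Domain  = @{ Inbound = 'Block'; Outbound = 'Allow' }
    Private = @{ Inbound = 'Block'; Outbound = 'Allow' }
    Public  = @{ Inbound = 'Block'; Outbound = 'Allow' }
}

function Test-FirewallProfileState {
    # ActiveStore returns the settings the device actually enforces, i.e. the
    # local configuration merged with the MDM-delivered policy.
    foreach ($name in $Expected.Keys) {
        $p = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore
        $e = $Expected[$name]
        $enabled  = [string]$p.Enabled
        $inbound  = [string]$p.DefaultInboundAction
        $outbound = [string]$p.DefaultOutboundAction
        [pscustomobject]@{
            Profile   = $name
            Enabled   = $enabled
            Inbound   = $inbound
            Outbound  = $outbound
            Compliant = ($enabled -eq 'True') -and
                        ($inbound -eq $e.Inbound) -and
                        ($outbound -eq $e.Outbound)
        }
    }
}

function Test-FirewallAuditing {
    # The two Object Access subcategories enabled in the policy; auditpol /r
    # emits CSV, so the result can be parsed instead of scraped.
    foreach ($sub in 'Filtering Platform Connection', 'Filtering Platform Packet Drop') {
        $row = auditpol /get /subcategory:"$sub" /r |
               Where-Object { $_ -match '\S' } | ConvertFrom-Csv
        [pscustomobject]@{
            Subcategory = $sub
            Setting     = $row.'Inclusion Setting'
            Compliant   = $row.'Inclusion Setting' -eq 'Success and Failure'
        }
    }
}

Test-FirewallProfileState | Format-Table -AutoSize
Test-FirewallAuditing     | Format-Table -AutoSize
```

Any row with Compliant set to False points at a profile or audit subcategory where the device has drifted from, or not yet received, the Intune policy.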

Manage Windows Defender Firewall using OMA-URI

You can also manage Windows Defender Firewall using OMA-URI settings. To learn more about Firewall CSP Settings, click on the link Firewall CSP. If you want to create a specific custom Windows Defender Firewall rule, refer to the post How to create Windows Defender firewall rules using Intune.
