Forum Discussion
Number1996
Nov 22, 2024 Copper Contributor
Firewall Rules: Transitioning from GPO to Intune
I migrated the firewall rules from a GPO to Intune and successfully applied them to my devices. Now I want to remove the firewall rules from the GPO. My question is: will the firewall rules deployed via Intune be automatically applied to my devices once I remove those from the GPO? For security reasons, I don’t want to leave certain ports open when removing the GPO.
- Steven_Wakefield
Microsoft
Keep in mind you should not target the same device with both settings. Generally speaking, GPO will win. Here is a similar question with good information on the topic:
- rahuljindal-MVP Bronze Contributor
Does successfully applied mean policy reporting as compliant in Intune or are the settings actually applying on the endpoint? Intune doesn’t support Defender CSP conflict between Intune and GPO. I would test the settings using Intune while having GPO disabled\removed first against a finite number of devices before rolling out in production.
- Number1996 Copper Contributor
Thank you for your response: does this mean that applying the rules through Intune first and then removing the GPO isn’t the correct approach?
- rahuljindal-MVP Bronze Contributor
Correct. While Intune can manage policy conflicts using the MDMWinsOverGPO setting, the Defender and Windows Update CSPs are exceptions and are currently not supported for conflicts.
- Tobias1 Copper Contributor
Acer Nitro 5 AN515-53
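
The thread asks whether the Intune rules are actually applying on the endpoint rather than only reporting as compliant. The following is an added example, not posted by any participant: a read-only PowerShell check for a pilot device that shows which source delivered each active firewall rule and which GPO-delivered rules have no equivalent from any other source. Matching rules on direction, action, protocol and local port only is a simplifying assumption; program and address filters are ignored.

```powershell
# Added example: run in an elevated PowerShell session on a pilot device.
# Reads the active (effective) firewall policy only; it changes nothing.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -eq 'True' }

# Flatten each rule to the fields that decide which traffic it allows or blocks.
$flat = foreach ($r in $rules) {
    $pf = $r | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Source    = [string]$r.PolicyStoreSourceType   # e.g. GroupPolicy, Local
        Name      = $r.DisplayName
        Direction = [string]$r.Direction
        Action    = [string]$r.Action
        Protocol  = [string]$pf.Protocol
        LocalPort = ($pf.LocalPort -join ',')
    }
}

# 1. How many active rules come from each policy source?
$flat | Group-Object Source | Select-Object Name, Count | Format-Table -AutoSize

# 2. GPO-delivered rules with no matching rule from any other source.
#    These are the rules that would disappear once the GPO is removed.
$key = { param($x) '{0}|{1}|{2}|{3}' -f $x.Direction, $x.Action, $x.Protocol, $x.LocalPort }

$other = @{}
$flat | Where-Object Source -ne 'GroupPolicy' |
    ForEach-Object { $other[(& $key $_)] = $true }

$flat | Where-Object Source -eq 'GroupPolicy' |
    Where-Object { -not $other.ContainsKey((& $key $_)) } |
    Sort-Object Direction, Protocol, LocalPort |
    Format-Table Name, Direction, Action, Protocol, LocalPort -AutoSize
```

An empty second table on a pilot device means every GPO rule has a same-port counterpart from another source; any rows listed are the ones to review before the GPO is unlinked.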