How to activate FW logs

Question

Hello,Was is the best way to activate Windows FW logs with a MEM policy (with all the usual settings available with the related GPO) ?I tried to find any setting/template which can be used by a configuration profile but I haven't find any yet.I tried to import GPOs but it seems they are 'deprecated' for MDM (cf. screenshot below).Regards&nbsp;&nbsp;&nbsp;

kurtbmayer · Answer

semangard-post&nbsp;&nbsp;It seems there isn't a GPO or configuration profile for it. Next best bet may be to just enable it with a PowerShell script, like this:&nbsp;Simple Network Monitoring With Windows Firewall Logging And Reporting&nbsp;How to Deploy PowerShell Script using Intune (MEM)&nbsp;&nbsp;Please like or mark this thread as answered if it's helpful, thanks!

kurtbmayer · Answer

semangard-post&nbsp;&nbsp;At this blade you can create a Windows Firewall policy which can audit connections by generating events:&nbsp;https://endpoint.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu/~/firewall&nbsp;&nbsp;Reference:&nbsp;Policy CSP - Audit&nbsp;Please like or mark this thread as answered if it's helpful, thanks!&nbsp;

semangard-post · Answer

Thanks KurtBMayer&nbsp;Sure but how to get all the usual settings available with similar GPO, for ex the path of the logs ?

Forum Discussion

How to activate FW logs

Share

Resources