Forum Discussion
Solved
Intune/Defender Firewall Policies
Coming from an environment where the Windows Firewall had been disabled, and having seen the light, we finally got approval to enable the firewall, but I am hitting a learning curve with Intune behav...
fwiw, I wasn't able to find a way to remove local policies via an Intune policy.
It looks like local policies (like when a user is prompted for a firewall exception, but they cancel out) go to the typical 'firewall > Inbound Rules' section along side traditional AD entries. Cloud policies only seem to interact with the list under 'firewall > Monitoring > Firewall'.
Created a remediation script that was able to find and remove existing blocks and legacy AD entries that no longer applied (devices are no longer part of the domain), so that the cloud 'allow' policy could apply as expected. Just set the policy to run once so that it doesn't clear future in-bound connection attempts that should be blocked.
fwiw, I wasn't able to find a way to remove local policies via an Intune policy.
It looks like local policies (like when a user is prompted for a firewall exception, but they cancel out) go to the typical 'firewall > Inbound Rules' section along side traditional AD entries. Cloud policies only seem to interact with the list under 'firewall > Monitoring > Firewall'.
Created a remediation script that was able to find and remove existing blocks and legacy AD entries that no longer applied (devices are no longer part of the domain), so that the cloud 'allow' policy could apply as expected. Just set the policy to run once so that it doesn't clear future in-bound connection attempts that should be blocked.
