Windows Defender Firewall
1 Topic
Intune/Defender Firewall Policies
Coming from an environment where the Windows Firewall had been disabled, and having seen the light, we finally got approval to enable the firewall, but I am hitting a learning curve with Intune behaviors; I have a device where the firewall is enabled, and I get an admin prompt for an app that wants access. I cancel the admin prompt and do a little digging on what app wants access, and to what etc. and then create the policy to allow traffic inside of Intune. I thought the policies were not applying, but after poking around, I found that they are applied and listed under Monitoring > Firewall instead of the normal Inbound or Outbound Rules sections. However, because I canceled the admin prompt to allow the traffic, it automatically created a Block policy on the Inbound Rules section. Inside of Monitoring > Firewall I can see both the Block policy from the Inbound Rules, but also the Allow policy from Intune. Question: Is there a way to use the cloud Intune/Defender policy to wipe out the Block on the Inbound Rules section? Or do I need to make a remediation script to clean these up? Or is there some other 'best practice' way to clean up the unintended blocks from the local policy?Solved26Views0likes1Comment