One of the best ways you can improve the security posture of your organization is to use a firewall. Firewalls help prevent unauthorized incoming and outgoing network traffic. Windows Defender Firewall is included in Windows 10 and includes robust capabilities to manage network traffic to and from devices.
We’re excited to announce new capabilities in in Microsoft Defender ATP and Intune to help you manage Windows Defender Firewall controls. New capabilities include:
Create custom rules for Windows Defender Firewall
You can create custom Windows Defender Firewall rules to allow or block inbound or outbound across three profiles – Domain, Private, Public over:
Windows Defender Firewall rule authoring capability is available in Microsoft Intune under Endpoint protection > Microsoft Defender Firewall > Firewall rules. For more information, see: Add custom Firewall rules for Windows 10 devices.
Custom Reporting using Power BI
You can view Windows Defender Firewall activities by setting up a custom report using Power BI. By doing so, you can monitor Windows Firewall activities over remote IP, Remote Port, Local Port, Local IP, Computer Name, Process across inbound connections and outbound connections.
First, you must enable Audit Events for Windows Defender Firewall with Advanced Security:
Enable these events by using Group Policy Object Editor, Local Security Policy, or the auditpol.exe command: https://docs.microsoft.com/en-us/windows/win32/fwp/auditing-and-logging
After enabling the events, Microsoft Defender ATP will start to monitor the data. You can then download the Custom Reporting script to monitor the Windows Defender Firewall activities. In the reports, you’ll see a summary of:
For more information about Windows Defender Firewall management, see:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.