This blog helped me a lot!!
I summarize the simplified steps for anybody who only wants to find their errored rules; hope it helps someone:
1. Download SyncML Viewer, open it and click "MDM Sync". Wait till it finishes.
2. Search the Event Log for firewall errors and get the errored Policy ID, Rule Identifier and incorrect parameter.
I use this PowerShell command:
$WinEvent = Get-WinEvent -LogName "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" | where {( $_.ID -eq 404 ) -and ($_.Message -like "*FireWall*")}
3. Search the SyncML for the Policy ID + Rule Identifier; you will find the name of the rule.
e.g.: <Target>
<LocURI>./Vendor/MSFT/Firewall/MdmStore/FirewallRules/d444067ff2b74006993bf3d10bd98467LQEAAA/Name</LocURI>
</Target>
<Data>RuleName</Data>
4. Search the Policy ID in Graph Explorer; you will find the policy name.
Now you can check in Intune with the policy name (from Graph Explorer), the rule name (from SyncML Viewer), and the incorrect parameter (from Event Viewer / PowerShell).
Go ahead and fix the issue.
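As an added example (not part of the comment above), the following PowerShell automates steps 2 and 3: it builds a map from Firewall CSP rule identifiers to rule names out of a saved SyncML Viewer export, then matches the identifiers against the ID 404 firewall events. It assumes the export is saved as text at a path you supply, and that the 404 event message contains the identifier segment of the failing rule's LocURI.

```powershell
# Added example, not from the original post. Assumptions: $SyncMlPath points to a
# SyncML Viewer export saved as text/XML, and the ID 404 event message contains the
# rule identifier (the segment after .../FirewallRules/ in the LocURI).

function Get-FirewallRuleNamesFromSyncMl {
    param([Parameter(Mandatory)][string]$SyncMlPath)
    $text = Get-Content -Path $SyncMlPath -Raw
    # Match each ./Vendor/MSFT/Firewall/MdmStore/FirewallRules/<Id>/Name LocURI and
    # the <Data> element that follows it (an optional <Meta> block may sit between).
    $pattern = '(?s)<LocURI>\./Vendor/MSFT/Firewall/MdmStore/FirewallRules/(?<id>[^/<]+)/Name</LocURI>\s*</Target>(?:\s*<Meta>.*?</Meta>)?\s*<Data>(?<name>[^<]*)</Data>'
    $map = @{}
    foreach ($m in [regex]::Matches($text, $pattern)) {
        $map[$m.Groups['id'].Value] = $m.Groups['name'].Value
    }
    return $map
}

function Get-FailedFirewallRules {
    param([Parameter(Mandatory)][hashtable]$RuleNames)
    # Same filter as the one-liner in the comment: event 404 mentioning FireWall.
    $events = Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -eq 404 -and $_.Message -like '*FireWall*' }
    foreach ($e in $events) {
        # Look for any known rule identifier inside the event message and resolve
        # it to the human-readable rule name from the SyncML export.
        foreach ($id in $RuleNames.Keys) {
            if ($e.Message -like "*$id*") {
                [pscustomobject]@{
                    TimeCreated    = $e.TimeCreated
                    RuleIdentifier = $id
                    RuleName       = $RuleNames[$id]
                    Message        = $e.Message
                }
            }
        }
    }
}

# Usage (path is a placeholder for your own export):
$names = Get-FirewallRuleNamesFromSyncMl -SyncMlPath 'C:\Temp\syncml-export.xml'
Get-FailedFirewallRules -RuleNames $names | Format-List
```

Events whose message does not contain any identifier from the export produce no output, so an empty result means the failing rule was not in the captured sync rather than that nothing failed.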