Forum Discussion
sumo83
Jan 05, 2024Iron Contributor
Enable Domain Network FW via Intune
Hello Experts, I've been trying to implement some defender recommendations and can't figure out why " Secure Microsoft Defender Firewall domain profile" does not have any effect on the endpoint...
- Jan 08, 2024I've just found there is a GPO pushing FW configuration to end user devices.... From what I've read, GPO wins when GPO and Intune both push some policy...
I've removed my computer from that GPO and FW is now showing up and running also for Domain network and also intune report shows FW enabled for my computer now...
So looks ok now...
sumo83
Jan 08, 2024Iron Contributor
I've just found there is a GPO pushing FW configuration to end user devices.... From what I've read, GPO wins when GPO and Intune both push some policy...
I've removed my computer from that GPO and FW is now showing up and running also for Domain network and also intune report shows FW enabled for my computer now...
So looks ok now...
I've removed my computer from that GPO and FW is now showing up and running also for Domain network and also intune report shows FW enabled for my computer now...
So looks ok now...
Jan 09, 2024
Uhhh.... dont use mdmwinsovergp 🙂 ... it only applies to the policy csp... there are better options to make sure the firewall settings arent applied on intune enrolled devices.
Use OU seperation, Use Security groups, Use Item-level targetting , Use WMI :)...
Use OU seperation, Use Security groups, Use Item-level targetting , Use WMI :)...
- rahuljindal-MVPJan 09, 2024Bronze Contributor
Yes and firewall is one of the CSPs. I don’t see any issue in using it in this case.
Edit: Scratch the recommendation of mdmwinsovergpo. I was under wrong impression that FW CSP is supported.
- Jan 09, 2024
are you sure?
https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp
./Device/Vendor/MSFT/Policy/ --> policy csp --> mdmwinsovergp would win (if you decide to use this setting.. which i don't advice 🙂 )
./Vendor/MSFT/Firewall --> firewall- rahuljindal-MVPJan 09, 2024Bronze ContributorOh wow. Don't know how I missed that. Thanks for sharing that.