Forum Discussion
Endpoint security | Firewall Configuration through Microsoft Endpoint Configuration Manager
Dear Team,
I want to Migrate the Firewall policies from McAfee to Windows Defender Firewall. Please suggest and share Migration tool and policy best-practices. Please share the configuration document how can enable the "Endpoint security | Firewall" policies through Microsoft Endpoint Manager.
Regards,
Abhishek Pandey
- Thiago_MotaBrass Contributor
Hello, is not possible to migrate firewall rules from a third-party AV solution.
To create and apply firewall rules on client machines you need a GPO or Intune.
Just a recommendation, Windows Firewall works differently than others. The windows firewall "learns" automatically and creates his own rules for all software to work fine.
So is not necessary to have a policy with many rules and apply to all machines.
- Abhishek_PandeyCopper Contributor
Thiago_Mota Thank you so much for the response.
As of now I have created and applied the Windows Firewall through Intune with the Block inbound connections. Can we create any custom rules to allow the applications and remote connection or its learn and automatically create the rules.?
- Thiago_MotaBrass Contributor
Abhishek_Pandey You can do both. It works together, as "merged". When you apply a custom rule by intune it will add to the current rules already applied to the machine that it was "learned" before.
Also, you can disable "local rules". So all the rules that the machine have "learned" before will be dismissed, and will only have the custom rules applied remotely by Intune.
I don't know if I was clear.
- rbenson09Copper Contributor
Thiago_Mota Thank you for your response. So it already knows what kind of traffic to block? How does it learn what connections need to be allowed? Would I only create a firewall rules policy to allow traffic that it blocks?
- Thiago_MotaBrass Contributor
rbenson09
So it already knows what kind of traffic to block?It is the opposite. It already know what kind of traffic will be allowed. All other traffic will be blocked.
How does it learn what connections need to be allowed?
It learns when you install a new software that use network connections. It automatically creates an allow rule so that software can work fine.
Would I only create a firewall rules policy to allow traffic that it blocks?Yes. But I suggest to enable it first. You do not need to create firewall rule to each connection or each software. As the majority of them, has been already created automatically. You can check just open advanced security in Windows Defender Firewall, and you will see the current rules applied.