Security baseline with Hyper-V default switch
Deleted did you ever figure out what in the Security Baseline was blocking the "Default Switch" in Windows 10 Hyper-V to allow the virtual machines to have internet access? I am really wanting to have an environment where the Security Baseline is applied, but need the same capability you have mentioned. I don't want to do the workaround of creating another external Virtual Switch, as I've actually found that has impacted internet connectivity bandwidth on the host device.
- Anonymous, Aug 07, 2021
mattgailer I believe it was an inbound firewall issue.
The Security Baseline disables local firewall rules for Public networks, so the auto-generated Hyper-V Container Networking allow rules (inbound) aren't applied - you'll have to manually allow UDP inbound on local ports 53, 67, 68 via GPO or allow local firewall rules.
From memory that was the only issue, and things like "Prohibit use of Internet Connection Sharing on your DNS domain network" are fine to leave as Enabled.
Hope that helps!
- olavrb, Aug 17, 2021, Brass Contributor
I think I'm facing similar issues here; Intune enrolled PC with Security Baseline applied, Default Switch won't work. VM does not seem to get an IP address.
Can anyone be more specific on the firewall rule that has to be made?
- mattgailer, Aug 17, 2021, Copper Contributor
I ended up changing the following two settings that helped me to work (helped by David's replies):
1. "Connection security rules from group policy not merged" - NOT CONFIGURED
2. "Policy rules from group policy not merged" - NOT CONFIGURED
David mentioned creation of rules to open ports in the firewall, but when I looked locally there was already a rule existing (no doubt created when I enabled the Hyper-V role), so I didn't punch any additional holes through the firewall. I think the wording of these policies is probably poor, as I believe the intention is to say "don't acknowledge rules created in any other way - just do what Intune tells you". Could be wrong in my summary, but I'm certainly working happily now on the Default Switch with that change.
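To see which of the two situations described in this thread applies on a given host, the following read-only check is an added example (not code from any of the posters). It uses the built-in NetSecurity cmdlets and assumes the baseline's merge settings surface as `AllowLocalFirewallRules` / `AllowLocalIPsecRules` on the effective Public profile; the summary wording is illustrative.

```powershell
# Added diagnostic sketch; run in an elevated PowerShell on the Hyper-V host.
# It only reads firewall state and changes nothing.
$ports = '53', '67', '68'          # UDP ports named in the thread

# Effective (merged) settings for the Public profile.
$public = Get-NetFirewallProfile -Name Public -PolicyStore ActiveStore
"Public profile: Enabled=$($public.Enabled) " +
    "AllowLocalFirewallRules=$($public.AllowLocalFirewallRules) " +
    "AllowLocalIPsecRules=$($public.AllowLocalIPsecRules)"

# Enabled inbound allow rules for UDP that explicitly name one of the ports.
$hits = Get-NetFirewallPortFilter -PolicyStore ActiveStore -Protocol UDP |
    ForEach-Object {
        $filter  = $_
        $matched = $ports | Where-Object { $filter.LocalPort -contains $_ }
        if (-not $matched) { return }
        $rule = $filter | Get-NetFirewallRule
        if ($rule.Direction -ne 'Inbound' -or $rule.Action -ne 'Allow' -or
            $rule.Enabled -ne 'True' -or
            "$($rule.Profile)" -notmatch 'Any|Public') { return }
        [pscustomobject]@{
            Ports       = $matched -join ','
            DisplayName = $rule.DisplayName
            Group       = $rule.DisplayGroup
            Source      = $rule.PolicyStoreSourceType   # Local, GroupPolicy, ...
        }
    }
$hits | Sort-Object Source, DisplayName | Format-Table -AutoSize

# Per port: is there a rule that does not depend on local rule merging?
$localMergeOff = "$($public.AllowLocalFirewallRules)" -eq 'False'
foreach ($p in $ports) {
    $forPort = @($hits | Where-Object { ($_.Ports -split ',') -contains $p })
    $managed = @($forPort | Where-Object { $_.Source -ne 'Local' })
    if ($managed) {
        "UDP ${p}: covered by $($managed.Count) policy-delivered rule(s)"
    } elseif ($forPort -and $localMergeOff) {
        "UDP ${p}: only local rule(s) exist and local rule merge is off"
    } elseif ($forPort) {
        "UDP ${p}: covered by local rule(s); local rule merge is allowed"
    } else {
        "UDP ${p}: no enabled inbound allow rule names this port"
    }
}
```

A port reported as "only local rule(s) exist and local rule merge is off" matches the first reply's description; the two remedies discussed above are a policy-delivered allow rule for that port or leaving the merge settings not configured.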