Windows Firewall: new and upcoming features for 2023
Event details
Let's do this! Get an overview of the latest enhancements and improvements in Windows Firewall management and protection. Windows Firewall is a core component of the Windows security platform that helps protect your devices and data from network threats. We'll showcase some of the new and upcoming features that have been added over the last year, and show how they can help you achieve better security outcomes. We'll cover Windows Defender Application Control (WDAC) Application ID Tagging with Intune Firewall Rules, policy support for network list manager settings, Firewall Rules for ICMP, policy support for log configuration, debugging, reusable settings, and more! We will also give you a sneak peek of what's coming next for Windows Firewall. Join us to learn how to use the latest from Windows Firewall in 2023.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
- CWinter87 (Copper Contributor)
Is the ability to overwrite/displace(overwrite) GPO Firewall rules on the roadmap for Endpoint Security Firewall?
- NickWelton (Microsoft)
Can you provide a bit more information on what you're looking for here? Which source do you want to overwrite group policy?
- CWinter87 (Copper Contributor)
Simply, we must remove Active Directory Group Policy Object firewall rules for Intune/Endpoint Security Firewall rules to become applied.
- treestryder (Steel Contributor)
Knowing many applications, not sandboxed by the MSIX installer, add their own firewall rules. Is there a way to report on, or even clean up, rogue firewall rules?
- NickWelton (Microsoft)
Hi Nathan, check out this guide on using the Filter Origin ID to determine the source of unexpected dropped or blocked packet/connections. https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation
- treestryder (Steel Contributor)
I was looking for the rules themselves, across our fleet. As we have blocked all inbound traffic for all profiles, the rules we are concerned with will be "Allow" rules.
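For the per-device rule report asked about in this thread, an added example (not from the session or from Microsoft's replies) that lists the enabled inbound Allow rules in effect on one device and shows which policy store each came from. The CSV path is a placeholder, and gathering the files from the fleet is assumed to be handled by your management tooling.

```powershell
# Added example, not from the session: report enabled inbound "Allow" rules
# in effect on this device, with the policy store each rule came from.

# ActiveStore is the merged view of every policy store that applies.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore `
    -Direction Inbound -Action Allow -Enabled True

$report = foreach ($rule in $rules) {
    # The application filter carries the program path or package
    # the rule is scoped to (empty when the rule applies to any program).
    $app = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DisplayName  = $rule.DisplayName
        Name         = $rule.Name
        Profile      = $rule.Profile
        SourceType   = $rule.PolicyStoreSourceType   # e.g. Local, GroupPolicy
        Source       = $rule.PolicyStoreSource
        Program      = $app.Program
        Package      = $app.Package
    }
}

# Summary: how many allow rules each source contributes.
$report | Group-Object SourceType |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Rules stored on the device itself (not delivered by Group Policy) are the
# ones an installer or a local administrator could have added; review these first.
$report | Where-Object { "$($_.SourceType)" -eq 'Local' } |
    Sort-Object Program |
    Format-Table DisplayName, Profile, Program -AutoSize

# Placeholder path (assumption): export for central collection.
$report | Export-Csv -Path "$env:TEMP\inbound-allow-rules.csv" -NoTypeInformation
```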
- CraigDK (Iron Contributor)
Will any of the application tagging or other enhancements be applicable to on premise (Either GPO managed or Configuration Manager) scenarios?
- NickWelton (Microsoft)
This question is about the WDAC application ID tagging functionality, correct? Are you asking if that will be available in general? The majority of firewall specific changes outlined are currently only supported in the CSP at this time.
- Char_Cheesman (Community Manager)
Welcome to Windows Firewall: new and upcoming features for 2023 and the second annual Microsoft Technical Takeoff for Windows + Intune! Have a question? Post here in the Comments so we can help. Let’s make this an active Q&A!
- Eric_Reichard (Copper Contributor)
Is WDAC the only way to accomplish software code signing authentication, or does SmartScreen already do this through trusted publisher CAs?
- NickWelton (Microsoft)
Windows Firewall is not integrated with SmartScreen at this time. WDAC application ID policies enable tagging of processes. We now support creating firewall policies using those tags. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide
- scottcopus (Copper Contributor)
Is copying/pasting AppIDs required, or will there eventually be auto-lookups, i.e., dropdowns or searching of defined AppIDs?
- NickWelton (Microsoft)
This is required right at this time and the team is looking at future improvements. You can find the detail under the first section, "WDAC Application ID Tagging with Intune Firewall Rules policy." https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-in-microsoft-intune-to-enhance-windows-defender/ba-p/3803857
- RaslDasl (Brass Contributor)
WDAC app ID for Defender here, App Control for Business over there, it's a bit confusing and disjointed. We could use a better explanation of how the CSPs work together.
- NickWelton (Microsoft)
Your request is a bit broad for me. Can you provide a bit more detail about your scenario or specific questions you'd like to have answered?
- RaslDasl (Brass Contributor)
I'm not using either solution yet, but the app control feature is migrating to new CSPs and it's not clear how or if ACfB and Windows Firewall will use a common framework or application list. Both solutions look very promising. https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy
- CENSS (Brass Contributor)
Hello. Thanks for the info. Would you have a guide or a more comprehensive tutorial covering the likes of Policy App ID, Package Family Name, etc.? I've seen this https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp?WT.mc_id=Portal-fx, however, we hope to find a more comprehensive guide, "easier to read" and perhaps with "real world" examples. Thank you.
- NickWelton (Microsoft)
You can find the full WDAC Policy App ID guide here https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide
- Jay Michaud (Iron Contributor)
How does Microsoft Pluton relate to a TPM (e.g., does it replace a TPM), and how does it compare with Apple's T2 chip?
- Julia_Idaewor (Microsoft)
Microsoft Pluton is a security processor that is built directly into the CPU and provides the functionality of the Trusted Platform Module (TPM). It is designed to securely store sensitive information on Windows PCs and laptops, making it harder for attackers to extract sensitive data. Pluton works with existing TPM specifications and APIs, but solves the weakness of TPM by removing the need for “outside” communication between a TPM and the CPU. This makes it harder to extract sensitive information even if the attackers have physical possession of a device. In contrast, Apple’s T2 chip is a security chip that is built into Apple’s Mac computers. It provides a secure boot process, encrypted storage, and secure enclave functionality. The T2 chip is designed to protect the user’s data from unauthorized access and tampering. It also provides hardware support for features such as Touch ID and Apple Pay. In terms of functionality, both Microsoft Pluton and Apple’s T2 chip provide similar security features such as secure boot, encrypted storage, and secure enclave functionality. However, Pluton is built directly into the CPU, while T2 is a separate chip.
- CENSS (Brass Contributor)
Is it, or will it be, possible to deploy drivers and firmware through Update Rings in Intune? [found the interim answer under "Driver updates for Windows 10+" in Intune...wasn't there before.]
- treestryder (Steel Contributor)
As long as the PCs are not configured to update through a separate system, like WSUS, they will install and update drivers. These are published by hardware vendors through Partner Center to the Microsoft Update Catalog. The main thing the driver update policies do is configure driver installation deferrals, up to 30 days. By default, the driver updates are deferred as long as the quality updates. To help highlight vendors and products that have transitioned to modern device management (and shame those that have not) there is a community-maintained spreadsheet named "Modern Windows Management Database". https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A