Windows Firewall: new and upcoming features for 2023
Event details
Let's do this! Get an overview of the latest enhancements and improvements in Windows Firewall management and protection. Windows Firewall is a core component of the Windows security platform that helps protect your devices and data from network threats. We'll showcase some of the new and upcoming features that have been added to Windows Firewall over the last year, and show how they can help you achieve better security outcomes. We'll cover Windows Defender Application Control (WDAC) Application ID Tagging with Intune Firewall Rules, policy support for network list manager settings, Firewall Rules for ICMP, policy support for log configuration, debugging, reusable settings, and more! We will also give you a sneak peek of what's coming next for Windows Firewall. Join us to learn how to use the latest from Windows Firewall in 2023.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
33 Comments
- cdc-eba
Occasional Reader
Curious to learn more about these atomic rules. I will follow updates 🙂
- jeddy_
Iron Contributor
For the Firewall policy/profile creation, I do not see the "Windows 10 and later" option in my tenant - only "Windows 10 and later (ConfigMgr)", "macOS", or "Windows 10, Windows 11, and Windows Server" are selectable. I am also missing some granularity on Policy type. Is this "Windows 10 and later" selection with the added Policy types rolling out soon, and will this presumably new and better option be replacing the other older Windows options also?
- Julia_Idaewor
Microsoft
That's not expected behavior. The "Windows 10 and later" should be available to all tenants. The policy under this platform is the "Windows Firewall rules" which is also available under "Windows 10, Windows 11, and Windows Server." Are you able to access the Windows Firewall rules template?
- jeddy_
Iron Contributor
I can get to "Windows Firewall Rules" under "Windows 10 and later (ConfigMgr)" or "Windows 10, Windows 11, and Windows Server", but the new options such as specifying "ICMP Types And Codes" are only available in the "Windows Firewall Rules" under "Windows 10, Windows 11, and Windows Server."
- Char_Cheesman
Bronze Contributor
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- Ken003
Brass Contributor
Is it, or will it be, possible to deploy drivers and firmware through Update Rings in Intune? [found the interim answer under "Driver updates for Windows 10+" in Intune...wasn't there before.]
- treestryder
Steel Contributor
As long as the PCs are not configured to update through a separate system, like WSUS, they will install and update drivers. These are published by hardware vendors through Partner Center to the Microsoft Update Catalog. The main thing the driver update policies do is configure driver installation deferrals, up to 30 days. By default, the driver updates are deferred as long as the quality updates. To help highlight vendors and products that have transitioned to modern device management (and shame those that have not) there is a community-maintained spreadsheet named "Modern Windows Management Database". https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A
- Jay Michaud
Iron Contributor
How does Microsoft Pluton relate to a TPM (e.g., does it replace a TPM), and how does it compare with Apple's T2 chip?
- Julia_Idaewor
Microsoft
Microsoft Pluton is a security processor that is built directly into the CPU and provides the functionality of the Trusted Platform Module (TPM). It is designed to securely store sensitive information on Windows PCs and laptops, making it harder for attackers to extract sensitive data. Pluton works with existing TPM specifications and APIs, but solves the weakness of TPM by removing the need for “outside” communication between a TPM and the CPU. This makes it harder to extract sensitive information even if the attackers have physical possession of a device. In contrast, Apple’s T2 chip is a security chip that is built into Apple’s Mac computers. It provides a secure boot process, encrypted storage, and secure enclave functionality. The T2 chip is designed to protect the user’s data from unauthorized access and tampering. It also provides hardware support for features such as Touch ID and Apple Pay. In terms of functionality, both Microsoft Pluton and Apple’s T2 chip provide similar security features such as secure boot, encrypted storage, and secure enclave functionality. However, Pluton is built directly into the CPU, while T2 is a separate chip.
- Ken003
Brass Contributor
Hello. Thanks for the info. Would you have a guide or a more comprehensive tutorial covering the likes of Policy App ID, Package Family Name, etc.? I've seen this https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp?WT.mc_id=Portal-fx, however, we hope to find a more comprehensive guide, "easier to read" and perhaps with "real world" examples. Thank you.
- NickWelton
Microsoft
You can find the full WDAC Policy App ID guide here https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide
- treestryder
Steel Contributor
Knowing that many applications, not sandboxed by the MSIX installer, add their own firewall rules: is there a way to report on, or even clean up, rogue firewall rules?
- CWinter87
Copper Contributor
Simply, we must remove Active Directory Group Policy Object firewall rules for Intune /Endpoint Security Firewall rules to become applied.
- NickWelton
Microsoft
Hi Nathan, check out this guide on using the Filter Origin ID to determine the source of unexpected dropped or blocked packet/connections. https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation
- treestryder
Steel Contributor
I was looking for the rules themselves, across our fleet. As we have blocked all inbound traffic for all profiles, the rules we are concerned with will be "Allow" rules.
- RaslDasl
Brass Contributor
WDAC app ID for Defender here, App Control for Business over there, it's a bit confusing and disjointed. We could use a better explanation of how the CSPs work together.
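One way to get the inventory treestryder asks for, as an added example that is not part of the thread and not Microsoft's own tooling: it lists every enabled inbound Allow rule in the active store that did not arrive via Group Policy, together with the program and port it opens, so installer-created rules stand out against a policy-managed baseline. It assumes the managed baseline is delivered by GPO or MDM and runs with the built-in NetSecurity module on Windows 10/11.

```powershell
# Added example (not from the thread). Inventory enabled inbound Allow rules that
# were not delivered by Group Policy. Assumption: the policy-managed baseline comes
# from GPO/MDM, so anything with another PolicyStoreSourceType deserves review.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -PolicyStore ActiveStore |
    Where-Object { $_.PolicyStoreSourceType -ne 'GroupPolicy' }

$report = foreach ($rule in $rules) {
    # Resolve the program and port filters attached to each rule.
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Name         = $rule.Name
        DisplayName  = $rule.DisplayName
        Group        = $rule.DisplayGroup
        Profile      = $rule.Profile
        Source       = $rule.PolicyStoreSourceType
        Program      = $app.Program
        Protocol     = $port.Protocol
        LocalPort    = ($port.LocalPort -join ',')
    }
}

# Review on the console, or export per device and collect the CSVs fleet-wide
# (e.g. via an Intune script or remoting) to spot rules that are not expected anywhere.
$report | Sort-Object Program, DisplayName | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'inbound-allow-rules.csv')

# Cleanup, once a rule is confirmed unwanted: disable by its unique Name rather than
# DisplayName (which is not unique). -WhatIf shows the change without applying it.
# $report | Where-Object Program -like '*\AppData\*' |
#     ForEach-Object { Disable-NetFirewallRule -Name $_.Name -WhatIf }
```

Rules pushed by Intune appear in the active store too; if your tenant delivers them via MDM, compare the Source column against what the Intune policy defines rather than filtering them out blindly.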
- NickWelton
Microsoft
Your request is a bit broad for me. Can you provide a bit more detail about your scenario or specific questions you'd like to have answered?
- RaslDasl
Brass Contributor
I'm not using either solution yet, but the app control feature is migrating to new CSPs and it's not clear how or if ACfB and Windows Firewall will use a common framework or application list. Both solutions look very promising. https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy
- scottcopus
Copper Contributor
Is copying/pasting AppIDs required, or will there eventually be auto-lookups, i.e., dropdowns or searching of defined AppIDs?
- NickWelton
Microsoft
This is required right at this time and the team is looking at future improvements. You can find the detail under the first section, "WDAC Application ID Tagging with Intune Firewall Rules policy." https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-in-microsoft-intune-to-enhance-windows-defender/ba-p/3803857
- Eric_Reichard
Copper Contributor
Is WDAC the only way to accomplish software code signing authentication, or does SmartScreen already do this through trusted publisher CAs?
- NickWelton
Microsoft
Windows Firewall is not integrated with SmartScreen at this time. WDAC application ID policies enable tagging of processes. We now support creating firewall policies using those tags. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide