I would like to block all outgoing connections by default and enable (via intune policy and only for certain users) only the destinations where they can work; I would like to do all this with windows firewall.
By blocking everything outgoing I would like to create the exception to make access to remote apps and the full desktop work; What service/port do I need to enable in order for the apps/remote desktop access part to work when I disable outgoing connections?
There is another way to, without denying all outgoing connections, to deny all certain networks (eg 172.20.20.0/24) and, via policy, for certain users only enable an ip of that network (eg 172.20 .20.5)?