We recently received a customer support case where the App Protection Policy (APP, also known as MAM) was not being delivered to the device due to a missing IP address exemption. If your organization uses a firewall or network protection system that targets or restricts reachable IP addresses, we recommend that you update your network configuration to allow network traffic to and from all MAM IP ranges, as outlined in Network endpoints for Microsoft Intune, so that you do not run into the same issue.
For Windows devices, if you use a Defender Firewall profile to configure your IP address settings, use the following steps to update them:
- Log in to Microsoft Endpoint Manager
- Go to Devices > Configuration profiles
- Select the Windows 10 and later profile with a Profile Type listed as Endpoint protection
- Select Properties and click Edit next to Configuration settings
- Click Microsoft Defender Firewall
- Scroll down to Firewall rules and edit the rule to update the IP address settings
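
To confirm the edited rule leaves no gaps, the following added example (not from the original post or from Microsoft tooling) compares a rule's remote address entries with the ranges that must be reachable and reports any part left uncovered. The addresses are constructed documentation ranges and the function names are hypothetical; substitute the MAM ranges from Network endpoints for Microsoft Intune and the entries from your own rule.

```python
import ipaddress

# Constructed sample data: documentation ranges, NOT real Intune MAM ranges.
REQUIRED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/25"]
# Remote address entries as typed into the firewall rule (IP, CIDR, or start-end range).
ALLOWED = ["192.0.2.0/25", "192.0.2.128-192.0.2.255", "198.51.100.0/26", "10.0.0.5"]

def parse_entry(entry):
    """Turn one remote-address entry into a list of ip_network objects."""
    entry = entry.strip()
    if entry in ("*", "Any"):
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if "-" in entry:  # explicit range such as 192.0.2.128-192.0.2.255
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]

def uncovered(required, allowed_entries):
    """Map each required range to the sub-ranges that no allowed entry covers."""
    allowed = [net for e in allowed_entries for net in parse_entry(e)]
    gaps = {}
    for req in required:
        remaining = [ipaddress.ip_network(req)]
        for net in allowed:
            still_open = []
            for r in remaining:
                if r.version != net.version or not r.overlaps(net):
                    still_open.append(r)      # this entry does not touch r
                elif r.subnet_of(net):
                    continue                  # r is fully covered by this entry
                else:
                    # net lies strictly inside r: keep whatever it leaves open
                    still_open.extend(r.address_exclude(net))
            remaining = still_open
        if remaining:
            gaps[req] = [str(n) for n in sorted(remaining)]
    return gaps

if __name__ == "__main__":
    for req, missing in uncovered(REQUIRED, ALLOWED).items():
        print(f"{req}: not covered -> {', '.join(missing)}")
```

An empty result means every required range is fully covered by the rule's remote address list.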
For more information about firewall settings, see the following documents:
- Firewall policy settings for endpoint security in Intune
- Manage device security with endpoint security policies in Microsoft Intune
- Create Windows Firewall rules in Intune
Let us know if you have any additional questions on this by replying to this post or by tagging @IntuneSuppTeam out on Twitter.