We are in the process of migrating to Microsoft Defender for Endpoint. Part of this process includes rolling out a basic firewall policy for our Windows 10 devices. I am wondering if someone can explain exactly how Microsoft handles the network identification in choosing the appropriate firewall policy to apply.
What are the specific identifiers used to differentiate between Domain, Private, and Public firewall rules? How is this handled with multiple interfaces (VPN)? Specifically, with split tunneling enabled, if a laptop has a private IP address on its wireless adapter and also has a domain IP on the VPN adapter, which policy is used?