Defender Firewall - rules configured in Intune not applying on Win10

Question

I'm trying to configure some Firewall rules in a Microsoft Defender Firewall configuration profile in Intune.

The basic rules (ie enabling Microsoft Defender Firewall and default action like blocking inbound connections on public network) works.

But when I define some custom Firewall rules, they are not applied to the firewall on a Win10 client.

Ie I'm testing a firewall rule called "Allow Ping (Inbound - Public), configured like this:
Name: Allow Ping (Inbound - Public)

Direction: Inbound

Network type: Public

Applications: All

Local addresses: Any address

Remote addresses: Any address

Protocol: Custom

Protocol: 1

Interface type: Local area network

Allow Inbound on Domain and Private works

Block Inbound on Public works

but my Firewall rule never shows up in firewall rules on the Win10 client.

Anyone who can help or have a hint on what I'm doing wrong ?

billb_venzo · Answer

Well, I have found out - through a lot of testing - that the firewall rules that apply to that profile (Domain, Private, Public) is shown in
Windows Defender Firewall... -> Monitoring -> Firewall

That's now the good part...

But sometimes when the rules are applied to a Win-client it reports Error in Intune, but all things seems right at the client..

oliver kieselbach · Answer

Hey&nbsp;ShehzadUIT,
&nbsp;
MMC does not display every Firewall rules, there are multiple stores like Local, GroupPolicy etc. use PowerShell to retrieve the Firewall rules for the "Active Store" and you will find your configured rules:
&nbsp;
Get-NetFirewallRule -PolicyStore ActiveStore
&nbsp;
Reference:
Get-NetFirewallRule (NetSecurity) | Microsoft Docs
&nbsp;
best,
Oliver

shehzaduit · Answer

BillB_Venzo&nbsp;I spent\wasted pretty much my full day today working this out. Finally, i got it working for us.Our devices are Azure AD joined only. and when I was configuring the firewall rules, I was selecting all the network types (such as DOMAIN, PRIVATE, PUBLIC). Seemed like it didn't like the DOMAIN selection as the device is not joined to any DOMAIN (in a classic sense). When i removed the DOMAIN from the network types, it was successfully applied.&nbsp;Once successful, your rules should appear in:&nbsp;Control Panel\System and Security\Windows Defender Firewall\Allowed applications&nbsp;I still have two issues:&nbsp;1. Why are these firewall rules not appearing in Advance Settings --&gt; Inbound rules (if it is an inbound rule)2. In Allowed applications, i saw the rules appearing but the PUBLIC and PRIVATE networks weren't selected.&nbsp;&nbsp;But when i actually tested the firewall rules (my firewall rule is to allow JAVA.exe) and it works.&nbsp;&nbsp;

carl barrett · Answer

Thanks&nbsp;Oliver Kieselbach&nbsp;you have helped me out (again) - would also add to help others that when filtering the results of the PowerShell query use $_.DisplayName not&nbsp;$_.Name as MDM gives the rule a generic string of characters as the name which isn't easy to spot.&nbsp;so&nbsp;Get-NetFirewallRule&nbsp;-PolicyStore&nbsp;ActiveStore | where-object { $_.DisplayName -eq "YourRuleName" }&nbsp;&nbsp;Will prove that the rule was created successfully

rudy_ooms_mvp · Answer

I created a blog about the firewall rule some time ago... and the get-netfirewallrule is indeed a good way do determine if the firewall rules were appliedhttps://call4cloud.nl/2020/07/the-windows-firewall-rises/#results

Forum Discussion

Defender Firewall - rules configured in Intune not applying on Win10

8 Replies

Resources