Forum Discussion
Defender Firewall - rules configured in Intune not applying on Win10
Well, I have found out - through a lot of testing - that the firewall rules that apply to that profile (Domain, Private, Public) are shown in
Windows Defender Firewall... -> Monitoring -> Firewall
That's now the good part...
But sometimes when the rules are applied to a Win-client it reports Error in Intune, but all things seem right at the client.
BillB_Venzo I spent\wasted pretty much my full day today working this out. Finally, I got it working for us.
Our devices are Azure AD joined only, and when I was configuring the firewall rules, I was selecting all the network types (such as DOMAIN, PRIVATE, PUBLIC). Seemed like it didn't like the DOMAIN selection as the device is not joined to any DOMAIN (in a classic sense). When I removed the DOMAIN from the network types, it was successfully applied.
Once successful, your rules should appear in:
Control Panel\System and Security\Windows Defender Firewall\Allowed applications
I still have two issues:
1. Why are these firewall rules not appearing in Advanced Settings --> Inbound rules (if it is an inbound rule)?
2. In Allowed applications, I saw the rules appearing but the PUBLIC and PRIVATE networks weren't selected.
But when I actually tested the firewall rule (my firewall rule is to allow JAVA.exe), it works.
- Dec 16, 2020
Hey ShehzadUIT,
MMC does not display every firewall rule; there are multiple stores like Local, GroupPolicy etc. Use PowerShell to retrieve the firewall rules for the "Active Store" and you will find your configured rules:
Get-NetFirewallRule -PolicyStore ActiveStore
Reference:
Get-NetFirewallRule (NetSecurity) | Microsoft Docs
best,
Oliver
- Carl Barrett, Jul 22, 2021, Copper Contributor
Thanks Oliver Kieselbach you have helped me out (again) - would also add to help others that when filtering the results of the PowerShell query use $_.DisplayName not $_.Name as MDM gives the rule a generic string of characters as the name which isn't easy to spot.
so Get-NetFirewallRule -PolicyStore ActiveStore | where-object { $_.DisplayName -eq "YourRuleName" }
Will prove that the rule was created successfully
- Jul 22, 2021
I created a blog about the firewall rule some time ago... and the Get-NetFirewallRule is indeed a good way to determine if the firewall rules were applied
https://call4cloud.nl/2020/07/the-windows-firewall-rises/#results
- mnoah, Dec 02, 2023, Copper Contributor
Goodness me. I removed DOMAIN from my rules as well and it started working. Wish I found this tip sooner.
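
The check described in the replies above, as an added example that is not part of the original thread: it looks up a rule in the ActiveStore by DisplayName and reports its profiles, source store and program path in one place. `Get-FirewallRuleReport` is a hypothetical helper name and `YourRuleName` is the placeholder used in the thread.

```powershell
# Added example, not code from the thread.
# Get-FirewallRuleReport is a hypothetical helper name.
function Get-FirewallRuleReport {
    [CmdletBinding()]
    param(
        # Display name as entered in the Intune rule; wildcards are allowed.
        [Parameter(Mandatory)]
        [string]$DisplayName
    )

    # ActiveStore is the merged view of all policy stores that apply to the
    # device, so rules that the MMC view does not list still show up here.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.DisplayName -like $DisplayName }

    if (-not $rules) {
        Write-Warning "No rule with DisplayName like '$DisplayName' in ActiveStore."
        return
    }

    foreach ($rule in $rules) {
        # The program path (for example JAVA.exe) lives on the application filter.
        $app = Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule

        [pscustomobject]@{
            DisplayName       = $rule.DisplayName
            Name              = $rule.Name   # generic string for MDM rules, per the thread
            Enabled           = $rule.Enabled
            Direction         = $rule.Direction
            Action            = $rule.Action
            Profile           = "$($rule.Profile)"
            # 'Any' covers all profiles, Domain included.
            IncludesDomain    = "$($rule.Profile)" -match 'Domain|Any'
            PolicyStoreSource = $rule.PolicyStoreSource
            SourceType        = $rule.PolicyStoreSourceType
            Program           = $app.Program
        }
    }
}

# 'YourRuleName' is the placeholder from the thread; replace it with your rule's display name.
Get-FirewallRuleReport -DisplayName 'YourRuleName' | Format-List
```

If the function returns nothing while Intune reports the profile as assigned, the rule did not reach the device, which is the symptom reported above for rules that included the DOMAIN network type on Azure AD joined devices.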