
Enable Domain Network FW via Intune


Hello Experts,


I've been trying to implement some Defender recommendations and can't figure out why "Secure Microsoft Defender Firewall domain profile" does not have any effect on the endpoints...

I have followed the guide and configured a Firewall policy in Intune / Endpoint Security. I've assigned it to a few test users/machines... Now it looks like below:

  1. When I open the policy I see it "Succeeded" on all devices... no error, no conflict reported.
  2. When I check in Endpoint security -> Firewall -> "MDM devices running Windows 10 or later with firewall off", all devices have Firewall status "Disabled".
  3. The configuration is very simple and looks like the below:

     [screenshot: the Intune firewall policy settings]

     It is assigned to a group of users.
  4. When I check on a test machine, I see the below:

     [screenshot: firewall status on the test machine]


I'm confused, as it all seems to be "Succeeded" but it looks like it has no effect on the end-user device.


Any idea what I am missing here?


The policy values in your screenshot seem legit. Have you checked the Event Viewer logs on the devices in question to gather more details?

I haven't checked events, as I am not very familiar with them... What should I be looking for there, please? Will have a look.

I would start by checking under Device Management, Windows Defender, and Windows Security event logs.
best response confirmed by sumo83 (Iron Contributor)
Solution
I've just found there is a GPO pushing FW configuration to end-user devices... From what I've read, GPO wins when GPO and Intune both push some policy...

I've removed my computer from that GPO and the FW is now showing up and running for the Domain network as well, and the Intune report now shows the FW enabled for my computer...

So it looks OK now...

@sumo83 that is good. If you want, you can try pushing the MDMWinsOverGP policy from Intune, which will allow MDM to apply the setting if there is a conflict with GPO.


Edit: Scratch the recommendation of MDMWinsOverGP. I was under the wrong impression that the FW CSP is supported.

Uhhh... don't use MDMWinsOverGP 🙂 ... it only applies to the Policy CSP... there are better options to make sure the firewall settings aren't applied on Intune-enrolled devices.
Use OU separation, use security groups, use item-level targeting, use WMI :)...

Yes, and Firewall is one of the CSPs. I don't see any issue in using it in this case.


Edit: Scratch the recommendation of MDMWinsOverGP. I was under the wrong impression that the FW CSP is supported.

Are you sure?

https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp

./Device/Vendor/MSFT/Policy/ --> Policy CSP --> MDMWinsOverGP would win (if you decide to use this setting... which I don't advise 🙂)

./Vendor/MSFT/Firewall --> Firewall CSP

Oh wow. Don't know how I missed that. Thanks for sharing that.
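To make the diagnosis in the accepted solution repeatable (is a GPO, rather than the Intune firewall policy, controlling the Domain profile?) and to show the point made above about MDMWinsOverGP only covering the Policy CSP, here is an added PowerShell check. It is not code from any of the posters or from Microsoft; it assumes an elevated session on a domain-joined, Intune-enrolled Windows 10/11 device, and the registry paths it reads (the WindowsFirewall policy key and the PolicyManager ControlPolicyConflict key) are the locations GPO and MDM settings are expected to land in, stated here as assumptions rather than facts from the thread.

```powershell
# Added diagnostic, not from the thread. Assumes an elevated PowerShell session on a
# domain-joined, Intune-enrolled Windows 10/11 device. It reports, per firewall
# profile, what is actually enforced and whether Group Policy is the source.

# 1. Effective state: ActiveStore is the sum of every policy store applied to the box.
"== Effective firewall state (ActiveStore) =="
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. GPO contribution: RSOP is the resultant set of all GPO-delivered firewall settings.
# A profile listed here with Enabled = False means a GPO is switching the firewall off,
# and the Intune policy will keep reporting "Succeeded" while having no visible effect.
"== Firewall settings delivered by Group Policy (RSOP) =="
try {
    Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction Stop |
        Select-Object Name, Enabled, DefaultInboundAction |
        Format-Table -AutoSize
} catch {
    "No GPO-delivered firewall profile settings found ($($_.Exception.Message))"
}

# 3. Registry view of the same GPO settings (assumed location of the firewall ADMX
# values), handy to correlate with gpresult output when hunting for the GPO itself.
$gpoRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
foreach ($profile in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
    $key = Join-Path $gpoRoot $profile
    if (Test-Path $key) {
        $v = Get-ItemProperty -Path $key
        "{0}: GPO EnableFirewall = {1}" -f $profile, $v.EnableFirewall
    } else {
        "{0}: no GPO firewall values in the registry" -f $profile
    }
}

# 4. ControlPolicyConflict/MDMWinsOverGP (assumed registry location). Even if it is set,
# it only affects settings under ./Device/Vendor/MSFT/Policy (the Policy CSP); the
# Firewall CSP lives under ./Vendor/MSFT/Firewall and is not covered, so this value
# cannot make the Intune firewall policy beat a conflicting GPO.
$conflictKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\ControlPolicyConflict'
if (Test-Path $conflictKey) {
    "MDMWinsOverGP = $((Get-ItemProperty -Path $conflictKey).MDMWinsOverGP) (Policy CSP only)"
} else {
    "MDMWinsOverGP is not configured on this device."
}

# 5. The event logs suggested in the thread: recent firewall setting changes and the
# MDM client's own diagnostics, newest first.
"== Recent firewall event log entries =="
Get-WinEvent -LogName 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall' -MaxEvents 15 |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap

"== Recent MDM diagnostic entries =="
Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' -MaxEvents 15 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -Wrap
```

Read the output top to bottom: if the Domain profile shows Enabled = False in ActiveStore and the same profile appears in the RSOP store, a GPO is the controlling source; run `gpresult /h report.html` on the same machine to find which one, then fix it by scoping (OU separation, security-group filtering, item-level targeting or a WMI filter, as suggested above) rather than by MDMWinsOverGP.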