Forum Discussion
sumo83
Jan 05, 2024, Iron Contributor
Enable Domain Network FW via Intune
Hello Experts, I've been trying to implement some Defender recommendations and can't figure out why "Secure Microsoft Defender Firewall domain profile" does not have any effect on the endpoint...
rahuljindal-MVP
Bronze Contributor
I would start by checking under device management, windows defender, windows security event logs.
sumo83
Jan 08, 2024, Iron Contributor
I've just found there is a GPO pushing FW configuration to end user devices... From what I've read, GPO wins when GPO and Intune both push some policy...
I've removed my computer from that GPO and FW is now showing up and running also for Domain network, and the Intune report also shows FW enabled for my computer now...
So it looks ok now...
- rahuljindal-MVP, Jan 08, 2024, Bronze Contributor
sumo83 that is good. If you want you can try pushing mdmwinsovergpo policy from Intune which will allow MDM to apply the setting if there is a conflict with GPO.
Edit: Scratch the recommendation of mdmwinsovergpo. I was under the wrong impression that FW CSP is supported.
- Jan 09, 2024
Uhhh.... don't use mdmwinsovergp ... it only applies to the policy csp... there are better options to make sure the firewall settings aren't applied on Intune enrolled devices.
Use OU separation, use security groups, use item-level targeting, use WMI :)...
- rahuljindal-MVP, Jan 09, 2024, Bronze Contributor
Yes and firewall is one of the CSPs. I don't see any issue in using it in this case.
Edit: Scratch the recommendation of mdmwinsovergpo. I was under the wrong impression that FW CSP is supported.
- Jan 09, 2024
are you sure?
https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp
./Device/Vendor/MSFT/Policy/ --> policy csp --> mdmwinsovergp would win (if you decide to use this setting.. which I don't advise)
./Vendor/MSFT/Firewall --> firewall
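
The check below is an added example, not code posted by anyone in the thread: it shows, on one device, whether a GPO is setting the Domain firewall profile and what the effective state is, which is the conflict that was resolved above. It assumes the GPO firewall setting lands in the standard policy registry key shown in the script and that it is run from an elevated PowerShell session.

```powershell
# Added example (not from the thread): is Group Policy controlling the
# Domain firewall profile on this device, and what is the effective state?

# Assumption: standard registry location written by the Windows Firewall GPO
# settings for the Domain profile.
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'

# Effective Domain profile after all policy sources have been merged.
$active = Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore

# Value pushed by GPO, if any: 1 = on, 0 = off, $null = not set by GPO.
$gpoValue = $null
if (Test-Path -Path $gpoKey) {
    $gpoValue = (Get-ItemProperty -Path $gpoKey -Name EnableFirewall `
                 -ErrorAction SilentlyContinue).EnableFirewall
}

$report = [pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    EffectiveDomainState = $active.Enabled      # True / False
    GpoSetsDomainProfile = ($null -ne $gpoValue)
    GpoEnableFirewall    = $gpoValue
}
$report | Format-List

if ($null -ne $gpoValue) {
    # A GPO value is present, so an Intune firewall profile for the Domain
    # network can be overridden on this device, as described in the thread.
    Write-Warning ("GPO sets EnableFirewall={0} for the Domain profile; " -f $gpoValue +
                   "scope the GPO away from Intune-managed devices.")
}
elseif ($active.Enabled -ne 'True') {
    Write-Warning 'Domain profile is off and no GPO value was found; check the Intune policy assignment.'
}
else {
    Write-Output 'Domain profile is on and no GPO firewall value is present.'
}
```

To see which GPO is applied to the computer, run `gpresult /r /scope computer` in the same elevated session.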