Sep 14 2022 06:22 AM - edited Sep 14 2022 07:06 AM
Hello,
Was is the best way to activate Windows FW logs with a MEM policy (with all the usual settings available with the related GPO) ?
I tried to find any setting/template which can be used by a configuration profile but I haven't find any yet.
I tried to import GPOs but it seems they are 'deprecated' for MDM (cf. screenshot below).
Regards
Sep 14 2022 03:26 PM
At this blade you can create a Windows Firewall policy which can audit connections by generating events:
https://endpoint.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu/~/firewall
Reference: Policy CSP - Audit
Please like or mark this thread as answered if it's helpful, thanks!
Sep 15 2022 04:56 AM - edited Sep 15 2022 04:57 AM
Thanks @Kurt Mayer
Sure but how to get all the usual settings available with similar GPO, for ex the path of the logs ?
Sep 16 2022 08:48 AM - edited Sep 16 2022 08:49 AM
It seems there isn't a GPO or configuration profile for it. Next best bet may be to just enable it with a PowerShell script, like this:
Simple Network Monitoring With Windows Firewall Logging And Reporting
How to Deploy PowerShell Script using Intune (MEM)
Please like or mark this thread as answered if it's helpful, thanks!