Forum Discussion
Windows Firewall configuration via MEM
MicrosoftHi, thanks for the context. There are some settings when set in Endpoint security at a parent level have child settings also set. Although they may be set to configured, some parent settings may require child settings to be set as default in order to function correctly. In this case, when the 'Enable Domain Network Firewall' is configured, there are default values that the settings adhere to. The settings here are leveraged as an on/off switch therefore, it will provide a default value as standard. To learn more about which settings have a default value, see: Firewall configuration service provider (CSP). We also have some best practice you can view the settings to and configure in profiles for Firewall policy in the endpoint security node of Intune as part of an Endpoint security policy. See: Firewall policy settings for endpoint security in Intune and Manage endpoint security in Microsoft Intune to learn more.
When I initially create the policy with two settings, only those two settings are set on the device. When I edit the policy (making no changes), all the newly set settings are now set on the device giving me potentially an unwanted configuration. I either have to be extra careful when editing to set things to 'not configured' or be forced to set all the values when I first create the policy.
As feedback, I don't believe the current design is what admins would expect, for a policy to automatically set settings on edit.
- Intune_Support_TeamHi, we understand your scenario and we appreciate your feedback. For further investigation into these applied settings, let's get you over to support who can talk through what is happening, your expectation and how we can move forward: aka.ms/IntuneSupport.
