Windows Firewall configuration via MEM

New Contributor

Hi

 

I'm using the new profile template for Microsoft Defender Firewall profile (in Endpoint Security). When I edit an existing policy, settings that were set to 'Not configured' are now set to a value. For example creating a policy to enable the firewall on the domain firewall profile and block inbound connections, with everything else set to 'not configured', when editing that policy all the settings for the domain firewall profile now have values instead of 'not configured'.

 

Is anyone else seeing this behaviour? Is this a bug @Intune_Support_Team ?

3 Replies

Hi, thanks for the context. There are some settings when set in Endpoint security at a parent level have child settings also set. Although they may be set to configured, some parent settings may require child settings to be set as default in order to function correctly. In this case, when the 'Enable Domain Network Firewall' is configured, there are default values that the settings adhere to. The settings here are leveraged as an on/off switch therefore, it will provide a default value as standard. To learn more about which settings have a default value, see: Firewall configuration service provider (CSP). We also have some best practice you can view the settings to and configure in profiles for Firewall policy in the endpoint security node of Intune as part of an Endpoint security policy. See: Firewall policy settings for endpoint security in Intune and Manage endpoint security in Microsoft Intune to learn more.

If it is the case that child settings need to be set to function correctly, then I would expect them to be set when I enabled the "Enable Domain Network Firewall" settings as opposed to staying as 'Not configured'.
When I initially create the policy with two settings, only those two settings are set on the device. When I edit the policy (making no changes), all the newly set settings are now set on the device giving me potentially an unwanted configuration. I either have to be extra careful when editing to set things to 'not configured' or be forced to set all the values when I first create the policy.
As feedback, I don't believe the current design is what admins would expect, for a policy to automatically set settings on edit.
Hi, we understand your scenario and we appreciate your feedback. For further investigation into these applied settings, let's get you over to support who can talk through what is happening, your expectation and how we can move forward: aka.ms/IntuneSupport.