SOLVED

Windows Firewall rules in intune vs local Firewall rules

Copper Contributor

Hi Team


I have a device that is fully managed by Intune. I have created some firewall rules policies to allow certain applications and block others. Before enrolling the device into Defender for Endpoint, there were some firewall rules created locally on the Windows device. My question is: will these manually created firewall rules still work as intended, or will only the policies published through Intune take over?

3 Replies
best response confirmed by Charmten (Copper Contributor)
Solution

@Charmten 


Local firewall rules should be preserved and behave similarly to Group Policy. The Intune policy won't wipe out the existing firewall store, but will create supplemental rules on top of the current configuration - whatever you've defined in the cloud Device Configuration Policy. You can still run PowerShell scripts or NETSH commands or use the MMC to make and manage machine-specific firewall rules.


For example, the local default File and Print Sharing rules will be there, but if you make a GPO or Intune policy, a new set of similar rules will appear (and likely be gray, indicating they're set by a policy), but you can continue to manipulate the local rules.


Please like or mark this thread as answered if it's helpful, thanks!
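An added PowerShell example (not posted in this thread) that makes the merge behaviour described above visible on a managed device. It assumes Windows 10/11 with the built-in NetSecurity module, an elevated prompt, and uses the built-in rule name "File and Printer Sharing (SMB-In)" only as a sample value to look up; the locally created rules live in the PersistentStore, while the ActiveStore shows what the firewall is actually enforcing after GPO/Intune rules are layered on top.

```powershell
# Added example (not from the original thread): show that the active firewall
# policy is the merge of locally created rules and rules delivered by policy.
# Assumes Windows 10/11 with the NetSecurity module, run from an elevated prompt.

# ActiveStore = what the firewall enforces right now: local (PersistentStore)
# rules merged with rules delivered by Group Policy / MDM (Intune).
$active = Get-NetFirewallRule -PolicyStore ActiveStore

# Count rules by origin. PolicyStoreSourceType separates rules created locally
# from rules pushed by policy; on an Intune-enrolled device the cloud-delivered
# rules show up with a non-Local source (exact label is not on the page).
$active |
    Group-Object PolicyStoreSourceType |
    Select-Object Name, Count |
    Sort-Object Count -Descending

# The manually created rules the question asks about stay in PersistentStore
# and remain editable with the same cmdlets whatever Intune delivers.
$local = Get-NetFirewallRule -PolicyStore PersistentStore

# Rules that exist both locally and via policy: this is the "two similar sets"
# situation described in the answer (e.g. File and Printer Sharing).
$policy  = $active | Where-Object PolicyStoreSourceType -ne 'Local'
$overlap = $local  | Where-Object { $_.DisplayName -in $policy.DisplayName }
$overlap |
    Select-Object DisplayName, Enabled, Direction, Action, Profile |
    Format-Table -AutoSize

# Per-rule view showing every copy of one rule and where each copy came from.
# Replace $name with the rule you are checking (sample value, a built-in rule).
$name = 'File and Printer Sharing (SMB-In)'
$active |
    Where-Object DisplayName -eq $name |
    Select-Object DisplayName, PolicyStoreSource, PolicyStoreSourceType,
        Enabled, Profile, Direction, Action |
    Format-Table -AutoSize
```

The first table answers the original question directly: if the local rules still appear in the ActiveStore with a Local source after enrolment, they are still being enforced alongside the policy-delivered ones. The last table is the quickest way to confirm the greyed-out duplicates seen in the MMC are the policy copies rather than edits to the local rule.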

We are currently using GPO to manage our Firewall Policy and rules. We want to manage them now using Intune. When we create our Firewall rules in Intune they are getting merged with the GPO rules. Is there a way to reset the rules and only apply the ones coming from Intune?