Defender 365
2 TopicsFirewall Off despite policy being enabled
In Firewall and network protection, It says Firewall is off for all Network types. However it should be on. Is this normal/expected? However, In Sec. providers, Firewall is enabled. ========== In PS, Firewall appears to be enabled too. C:\Windows\System32>netsh advfirewall Show allprofiles Domain Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Private Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Public Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Ok. =========== In the Intune Firewall Policy the three options are enabled:Solved106Views0likes6CommentsGuide to policy creation
Hi all, I am looking for some guidance to policy creation in the endpoint manager / Intune correlating to Defender 365. I have reviewed some of the documentation related to endpoint security and devices. There seems to be many ways to accomplish the same task regarding policies, and I think some direction would be great. A few of the general questions I have I will post below but anything will help. 1. Devices - creating a configuration profile vs policy 2. Would it be better to create policies in the endpoint security tab through endpoint detection and response vs per device and will there be any type of issue creating multiple policies for the same device in the different areas? 3. will creating policies of any type in endpoint admin center create alerts in defender 365?829Views0likes0Comments