Firewall Off despite policy being enabled
In Firewall and network protection, It says Firewall is off for all Network types. However it should be on. Is this normal/expected? However, In Sec. providers, Firewall is enabled. ========== In PS, Firewall appears to be enabled too. C:\Windows\System32>netsh advfirewall Show allprofiles Domain Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Private Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Public Profile Settings: ---------------------------------------------------------------------- State ON Firewall Policy BlockInbound,AllowOutbound LocalFirewallRules N/A (GPO-store only) LocalConSecRules N/A (GPO-store only) InboundUserNotification Enable RemoteManagement Disable UnicastResponseToMulticast Enable Logging: LogAllowedConnections Disable LogDroppedConnections Disable FileName %systemroot%\system32\LogFiles\Firewall\pfirewall.log MaxFileSize 4096 Ok. =========== In the Intune Firewall Policy the three options are enabled:Enable Domain Network FW via Intune
Hello Experts, I've been trying to implement some defender recommendations and can't figure out why " Secure Microsoft Defender Firewall domain profile" does not have any effect on the endpoints... I have followed the guide and configured Firewall policy in Intune / Endpoint Security. I've assigned it to few testing users/machines... Now, it looks like below: when I open the policy I see it was "Succeeded" on all devices... no error no conflict reported when I check in Endpoint security -> Firewall -> "MDM devices running Windows 10 or later with firewall off", all devices have Firewall status "Disabled" The configuration is very simple and looks like the below It is assigned to a group of users When I check on testing machine, I see the below I'm confused as it all seems to be "succeeded" but it has no effect on the end user device looks like. Any idea what am I missing here?
How to activate FW logs
Hello, Was is the best way to activate Windows FW logs with a MEM policy (with all the usual settings available with the related GPO) ? I tried to find any setting/template which can be used by a configuration profile but I haven't find any yet. I tried to import GPOs but it seems they are 'deprecated' for MDM (cf. screenshot below). Regards
Windows Firewall configuration via MEM
Hi I'm using the new profile template for Microsoft Defender Firewall profile (in Endpoint Security). When I edit an existing policy, settings that were set to 'Not configured' are now set to a value. For example creating a policy to enable the firewall on the domain firewall profile and block inbound connections, with everything else set to 'not configured', when editing that policy all the settings for the domain firewall profile now have values instead of 'not configured'. Is anyone else seeing this behaviour? Is this a bugIntune_Support_Team?
