Enable Windows Firewall via Intune

Overview

Windows Firewall can be centrally managed and enforced using Intune policies. This ensures devices remain protected across domain, private, and public networks.

Prerequisites

  • Intune Administrator or Security Administrator role.
  • Windows 10/11 devices enrolled in Intune.
  • Microsoft Defender Firewall enabled on endpoints.

Steps

1. Sign in

2. Navigate to Firewall Policies

  • Go to: Endpoint security > Firewall > Create policy.

3. Select Platform and Profile Type

  • Platform: Windows 10 and later
  • Profile type: Microsoft Defender Firewall

4. Configure Firewall Settings

  • Enable firewall for:
    • Domain profile
    • Private profile
    • Public profile
  • Recommended defaults:
    • Block inbound connections
    • Allow outbound connections
  • Optional: add custom firewall rules.

5. Assign the Policy

  • Assign to Azure AD groups (e.g., All Devices, Servers, Laptops).

6. Review and Create

  • Verify settings.
  • Click Create.

7. Monitor Deployment

  • Navigate: Endpoint security > Firewall > Select Policy > Device/User status.
  • Confirm that devices report firewall enabled.
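
To cross-check the portal status on a pilot device, the following added example (not part of the original wiki page) reads the effective firewall profiles locally and compares them with the values from step 4. The function name Test-FirewallBaseline and the expected-value table are assumptions made for this illustration; Get-NetFirewallProfile is the built-in NetSecurity cmdlet.

```powershell
# Added example: local check of the settings the Intune firewall policy should enforce.
# Expected values mirror step 4: every profile enabled, inbound Block, outbound Allow.
$expected = [ordered]@{
    Enabled               = 'True'
    DefaultInboundAction  = 'Block'
    DefaultOutboundAction = 'Allow'
}

function Test-FirewallBaseline {   # hypothetical helper name
    param(
        # ActiveStore returns the effective settings after all policy sources are merged
        [string]$PolicyStore = 'ActiveStore'
    )
    $profiles = Get-NetFirewallProfile -PolicyStore $PolicyStore -ErrorAction Stop
    foreach ($name in 'Domain', 'Private', 'Public') {
        $p = $profiles | Where-Object Name -eq $name
        if (-not $p) {
            # A profile that is not returned at all is reported as a failure
            [pscustomobject]@{ Profile = $name; Setting = '(profile)'; Expected = 'present'
                               Actual = 'missing'; Compliant = $false }
            continue
        }
        foreach ($setting in $expected.Keys) {
            # Enum values render as True/False/Block/Allow/NotConfigured;
            # NotConfigured is treated as a mismatch so it gets looked at
            $actual = [string]$p.$setting
            [pscustomobject]@{ Profile = $name; Setting = $setting; Expected = $expected[$setting]
                               Actual = $actual; Compliant = ($actual -eq $expected[$setting]) }
        }
    }
}

$results = @(Test-FirewallBaseline)
$results | Sort-Object Profile, Setting | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) firewall setting(s) differ from the policy baseline."
    exit 1
}
Write-Output 'All three firewall profiles match the policy baseline.'
```

The non-zero exit code on a mismatch lets the script be used as a pass/fail check during the pilot rollout.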

Notes

  • Keeping the firewall enabled is a security best practice.
  • Use custom rules for line-of-business applications if needed.
  • Always test in a pilot group before production rollout.


