
Firewall Rules

Configure Windows Defender Firewall rules through Intune endpoint security policies. Define inbound and outbound traffic rules for domain, private, and public network profiles.

Firewall Profiles

Domain Profile

Active when connected to a corporate domain network. Typically the least restrictive for domain services.

Private Profile

Active on trusted private networks (home or office). Moderate restriction level.

Public Profile

Active on untrusted public networks. Most restrictive settings.

Default Behavior

Setting                   Recommended
------------------------  ------------------
Firewall Enabled          Yes (all profiles)
Inbound Default           Block
Outbound Default          Allow
Stealth Mode              Enabled
Logging Dropped Packets   Enabled
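As an added example (not from this page or from the product it documents), the recommended defaults above applied locally with the NetSecurity module's Set-NetFirewallProfile cmdlet. This is useful on a pilot device, and for confirming what a deployed Intune policy actually produced on the endpoint. Stealth mode has no parameter on this cmdlet: it is on by default and is governed by the Intune profile's stealth-mode setting, so it is left to the policy here. The log path shown is the Windows default.

```powershell
# Added example: apply the "Default Behavior" table to all three profiles.
# Run in an elevated PowerShell session. Add -WhatIf to preview the change first.

# Enable the firewall, block unsolicited inbound traffic, allow outbound,
# and log dropped packets on every profile. Stealth mode is not exposed by
# this cmdlet; it stays on by default and is managed by the Intune policy.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# Read the effective settings back so each profile can be compared with the table.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked
```

Once the Intune policy is assigned, running only the Get-NetFirewallProfile line on a managed device is a quick way to confirm that the deployed profile matches the table rather than a leftover local or GPO setting.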

Creating Custom Rules

Property           Description
-----------------  --------------------------------
Name               Descriptive rule name
Direction          Inbound or Outbound
Action             Allow or Block
Protocol           TCP, UDP, ICMP, or Any
Local Ports        Port numbers or ranges
Remote Ports       Port numbers or ranges
Local Address      IP addresses or ranges
Remote Address     IP addresses or ranges
Application Path   Full path to the executable
Profile            Domain, Private, Public, or All

Common Rule Examples

Allow RDP (Inbound)

  • Direction: Inbound, Protocol: TCP, Local Port: 3389, Action: Allow, Profile: Domain

Block Telnet (Outbound)

  • Direction: Outbound, Protocol: TCP, Remote Port: 23, Action: Block, Profile: All
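The two rules above, written as an added example with the NetSecurity module's New-NetFirewallRule cmdlet (this is not code from the page or the product). Each property in the "Creating Custom Rules" table maps to a parameter: Name to -DisplayName, Direction to -Direction, Action to -Action, Protocol to -Protocol, Local/Remote Ports to -LocalPort/-RemotePort, Local/Remote Address to -LocalAddress/-RemoteAddress, Application Path to -Program, and Profile to -Profile (the page's "All" is the cmdlet's Any). The -Name identifiers and the third, application-scoped rule, including its executable path, are assumptions chosen for the example.

```powershell
# Added example: the page's two sample rules, plus one application-scoped
# variant, expressed with New-NetFirewallRule. Run elevated.

# Allow RDP (Inbound): TCP 3389, Domain profile only.
New-NetFirewallRule -Name 'Allow-RDP-In-Domain' `
    -DisplayName 'Allow RDP (Inbound)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Action Allow -Profile Domain -Enabled True

# Block Telnet (Outbound): TCP to remote port 23 on every profile.
# "Profile: All" on the page is "-Profile Any" in the cmdlet.
New-NetFirewallRule -Name 'Block-Telnet-Out' `
    -DisplayName 'Block Telnet (Outbound)' `
    -Direction Outbound -Protocol TCP -RemotePort 23 `
    -Action Block -Profile Any -Enabled True

# Application-scoped variant (goes beyond the page's two examples): the
# "Application Path" property ties the allow rule to one executable rather
# than opening the port for any process. The path is a placeholder.
New-NetFirewallRule -Name 'Allow-ExampleAgent-In-Domain' `
    -DisplayName 'Allow Example Agent (Inbound)' `
    -Direction Inbound -Protocol TCP -LocalPort 8443 `
    -Program 'C:\Program Files\ExampleAgent\agent.exe' `
    -Action Allow -Profile Domain -Enabled True

# Verify the port filters that were attached to the new rules.
Get-NetFirewallRule -DisplayName 'Allow RDP (Inbound)', 'Block Telnet (Outbound)', 'Allow Example Agent (Inbound)' |
    Get-NetFirewallPortFilter |
    Select-Object InstanceID, Protocol, LocalPort, RemotePort
```

When the same rules are authored in an Intune Firewall Rules profile, these parameter names are the ones to look for in the local rule set when checking that the policy landed as intended.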

Deploying Firewall Policies

  1. Create an endpoint security Firewall policy in Intune
  2. Select platform (Windows 10/11)
  3. Choose profile type (Firewall or Firewall Rules)
  4. Configure profile settings or individual rules
  5. Assign to device groups

Rule Processing Priority

  1. Authenticated bypass rules (highest)
  2. Block connection rules
  3. Allow connection rules
  4. Default profile behavior (lowest)
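The four-tier order above decides the outcome when several rules match one connection, which is also why the "rule conflicts between overlapping policies" item under Monitoring matters. As an added example that is not part of the page, the following is a small model of that order on constructed input. It is not the Windows Filtering Platform engine; the rule shape, the sample rules and the Resolve-FirewallDecision function are invented for the illustration. The OverrideBlockRules property stands in for what a real rule gets from New-NetFirewallRule -OverrideBlockRules $true -Authentication Required.

```powershell
# Added example: model the firewall's rule precedence on a constructed rule set.

function Test-RuleMatch {
    param($Rule, $Connection)
    # Direction must match exactly; Protocol, Port and Profile match when equal
    # or when the rule is written as Any/All.
    return ($Rule.Direction -eq $Connection.Direction) -and
           ($Rule.Protocol -eq 'Any' -or $Rule.Protocol -eq $Connection.Protocol) -and
           ([string]$Rule.Port -eq 'Any' -or [string]$Rule.Port -eq [string]$Connection.Port) -and
           ($Rule.Profile -eq 'All' -or $Rule.Profile -eq $Connection.Profile)
}

function Resolve-FirewallDecision {
    param([object[]]$Rules, $Connection, [hashtable]$ProfileDefault)

    # A bypass rule only applies to peers that authenticated (IPsec in Windows).
    $matching = @($Rules | Where-Object {
        (Test-RuleMatch -Rule $_ -Connection $Connection) -and
        (-not $_.OverrideBlockRules -or $Connection.Authenticated)
    })

    # Tier 1: authenticated bypass rules win over everything else.
    if (@($matching | Where-Object { $_.OverrideBlockRules }).Count -gt 0) {
        return 'Allow (authenticated bypass)'
    }
    # Tier 2: any matching block rule beats any matching allow rule.
    if (@($matching | Where-Object Action -eq 'Block').Count -gt 0) { return 'Block (block rule)' }
    # Tier 3: allow rules.
    if (@($matching | Where-Object Action -eq 'Allow').Count -gt 0) { return 'Allow (allow rule)' }
    # Tier 4: nothing matched, so the profile default for the direction decides.
    return '{0} (profile default)' -f $ProfileDefault[$Connection.Direction]
}

# Constructed rule set: an Allow and a Block overlap on inbound TCP 3389.
$rules = @(
    [pscustomobject]@{ Name='Allow RDP (Domain)';      Direction='Inbound';  Protocol='TCP'; Port=3389; Action='Allow'; Profile='Domain'; OverrideBlockRules=$false }
    [pscustomobject]@{ Name='Block RDP (All)';         Direction='Inbound';  Protocol='TCP'; Port=3389; Action='Block'; Profile='All';    OverrideBlockRules=$false }
    [pscustomobject]@{ Name='Bypass RDP (IPsec auth)'; Direction='Inbound';  Protocol='TCP'; Port=3389; Action='Allow'; Profile='Domain'; OverrideBlockRules=$true }
    [pscustomobject]@{ Name='Block Telnet (Outbound)'; Direction='Outbound'; Protocol='TCP'; Port=23;   Action='Block'; Profile='All';    OverrideBlockRules=$false }
)
# Profile defaults from the "Default Behavior" table.
$defaults = @{ Inbound = 'Block'; Outbound = 'Allow' }

# Constructed connections to evaluate.
$cases = @(
    @{ Direction='Inbound';  Protocol='TCP'; Port=3389; Profile='Domain';  Authenticated=$false }
    @{ Direction='Inbound';  Protocol='TCP'; Port=3389; Profile='Domain';  Authenticated=$true }
    @{ Direction='Inbound';  Protocol='TCP'; Port=22;   Profile='Domain';  Authenticated=$false }
    @{ Direction='Outbound'; Protocol='TCP'; Port=23;   Profile='Private'; Authenticated=$false }
    @{ Direction='Outbound'; Protocol='TCP'; Port=443;  Profile='Public';  Authenticated=$false }
)
foreach ($c in $cases) {
    $conn = [pscustomobject]$c
    $verdict = Resolve-FirewallDecision -Rules $rules -Connection $conn -ProfileDefault $defaults
    '{0,-8} {1} {2,-4} {3,-7} auth={4,-5} -> {5}' -f $conn.Direction, $conn.Protocol, $conn.Port, $conn.Profile, $conn.Authenticated, $verdict
}
```

The first case is the one to notice: the unauthenticated inbound RDP connection on the Domain profile is blocked even though an allow rule matches, because the overlapping "Block RDP (All)" rule sits in a higher tier. An allow rule that never takes effect is the typical shape of a conflict between two assigned policies.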

Monitoring

  • Firewall enabled/disabled status per device
  • Policy deployment success and failures
  • Rule conflicts between overlapping policies
  • Blocked connection events
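The Intune reports give the fleet-wide view of the four items above. As an added example (not from the page or the product), here is the per-device view for the same four items, built from the NetSecurity module and the firewall's text log. It assumes the default log path (adjust $log if LogFileName was customised), an elevated session, and that the port filter's InstanceID identifies its rule.

```powershell
# Added example: local checks for firewall status, rule conflicts and blocked
# connections on one device. Run elevated.

# 1. Enabled/disabled status and logging state per profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked, LogFileName

# 2. Candidate rule conflicts: enabled rules in the active store that share
#    direction, protocol and local port but disagree on action. Block wins when
#    both match a connection, so such a pair usually means an Allow rule is
#    silently ineffective. Check profile and address scope before acting on it.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True
$ruleById = @{}
foreach ($r in $rules) { $ruleById[$r.InstanceID] = $r }

$groups = @{}
foreach ($pf in ($rules | Get-NetFirewallPortFilter)) {
    $r = $ruleById[$pf.InstanceID]
    if (-not $r) { continue }
    $key = '{0}|{1}|{2}' -f $r.Direction, $pf.Protocol, ($pf.LocalPort -join ',')
    if (-not $groups.ContainsKey($key)) { $groups[$key] = @() }
    $groups[$key] += $r
}
foreach ($entry in $groups.GetEnumerator()) {
    $actions = @($entry.Value | ForEach-Object { "$($_.Action)" } | Sort-Object -Unique)
    if ($actions.Count -gt 1) {
        $names = ($entry.Value | ForEach-Object { "$($_.DisplayName) [$($_.Action)]" }) -join '; '
        'CONFLICT {0}: {1}' -f $entry.Key, $names
    }
}

# 3. Blocked connection events from the log written when LogBlocked is on.
#    Field order in pfirewall.log: date time action protocol src-ip dst-ip
#    src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$drops = Get-Content -Path $log -Tail 5000 |
    Where-Object { $_ -match '^\S+ \S+ DROP ' } |
    ForEach-Object {
        $f = $_ -split ' '
        [pscustomobject]@{
            Time    = "$($f[0]) $($f[1])"
            Proto   = $f[3]
            Src     = $f[4]
            Dst     = $f[5]
            DstPort = $f[7]
            Path    = $f[-1]    # SEND or RECEIVE
        }
    }

# Most frequent (protocol, destination port, direction) tuples among the drops.
# A spike on a port an allow rule was meant to open points at a rule or
# profile mismatch rather than at unexpected traffic.
$drops | Group-Object Proto, DstPort, Path |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Policy deployment success and failure is reported by Intune itself and has no local equivalent beyond checking that the expected rules are present in the active store, which the second section's $rules list already provides.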

Best Practices

  • Enable firewall on all three profiles
  • Block inbound by default and create specific allow rules
  • Prefer application-based rules to port-based ones
  • Enable dropped packet logging
  • Test rules on pilot devices first
  • Document all custom rules

API Reference

  • GET /api/devices/firewall/policies — List policies
  • POST /api/devices/firewall/policies — Create policy
  • GET /api/devices/firewall/rules — List rules
  • GET /api/devices/firewall/status — Get status