Firewall
Configure Windows Defender Firewall policies through Intune endpoint security. Manage firewall profiles, default actions, and custom rules for domain, private, and public networks.
Firewall Profiles
Domain Profile
Active when the device is connected to a network on which it can reach a domain controller for the domain it is joined to.
Private Profile
Active on networks the user or administrator has classified as private (home or small office). Trusted enough that inbound rules such as network discovery are commonly allowed, but the inbound default remains Block.
Public Profile
Active on every other network, which is the classification a new network receives by default. Most restrictive: inbound traffic is accepted only where a rule explicitly allows it.
Profile Settings
| Setting | Domain | Private | Public |
|---|---|---|---|
| Firewall Enabled | Yes | Yes | Yes |
| Inbound Default | Block | Block | Block |
| Outbound Default | Allow | Allow | Allow |
| Stealth Mode | Yes | Yes | Yes |
| Logging (Dropped) | Yes | Yes | Yes |
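To confirm that a device actually received the profile settings in the table, the following script is added here as an example (it is not part of the original page or of Intune). It compares the effective settings of each profile with the baseline above and reports drift. It assumes the NetSecurity cmdlets available on Windows 8 / Server 2012 and later, and reads the ActiveStore so that Intune (MDM), Group Policy and local settings are merged the way the firewall service applies them. Stealth Mode is not exposed by Get-NetFirewallProfile, so that row is not checked.

```powershell
# Added example, not part of the original page: audit a device's effective
# firewall profile settings against the baseline table above and report drift.
# Reads the ActiveStore, where MDM (Intune), Group Policy and local settings are
# merged the way the firewall service applies them. Requires the NetSecurity
# module (Windows 8 / Server 2012 and later); run as administrator.

# Baseline from the Profile Settings table; identical for all three profiles.
# Stealth Mode is not exposed by Get-NetFirewallProfile and is not checked here.
$FirewallBaseline = @{
    Enabled               = 'True'    # Firewall Enabled
    DefaultInboundAction  = 'Block'   # Inbound Default
    DefaultOutboundAction = 'Allow'   # Outbound Default
    LogBlocked            = 'True'    # Logging (Dropped)
}

function Get-FirewallProfileDrift {
    [CmdletBinding()]
    param([hashtable]$Expected = $FirewallBaseline)

    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        foreach ($setting in $Expected.Keys) {
            # Enum-typed values (GpoBoolean, Action) are compared by name.
            $actual = [string]$fwProfile.$setting
            [pscustomobject]@{
                Profile   = $fwProfile.Name
                Setting   = $setting
                Expected  = $Expected[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $Expected[$setting])
                # Where this profile writes its dropped-packet log (useful later).
                LogFile   = [Environment]::ExpandEnvironmentVariables($fwProfile.LogFileName)
            }
        }
    }
}

# Full report, then only the rows that need attention.
$report = Get-FirewallProfileDrift
$report | Format-Table Profile, Setting, Expected, Actual, Compliant -AutoSize
$report | Where-Object { -not $_.Compliant } | ForEach-Object {
    Write-Warning ("{0} profile: {1} is {2}, expected {3}" -f $_.Profile, $_.Setting, $_.Actual, $_.Expected)
}
```

Run it on a pilot device after forcing an Intune sync; any row reported as non-compliant means the setting was either not delivered or overridden by another policy source, which Get-NetFirewallProfile does not attribute, so check assignments next.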
Custom Firewall Rules
| Property | Description |
|---|---|
| Name | Rule display name |
| Direction | Inbound / Outbound |
| Action | Allow / Block |
| Protocol | TCP / UDP / ICMP / Any |
| Local Ports | Specific ports or ranges |
| Remote Ports | Specific ports or ranges |
| Application Path | Path to the program |
Creating a Firewall Policy
- Navigate to Endpoint Security then Firewall
- Select the profile type: Firewall for profile-level settings (enabled state, default actions, stealth mode, logging) or Firewall Rules for custom rules
- Configure settings per network type (Domain, Private, Public)
- Define custom rules if needed, scoping each to the profiles and application it is meant for
- Assign to device groups; settings apply on the device's next check-in
Rule Processing Priority
When more than one rule matches a connection, Windows Defender Firewall evaluates the rule classes in this order and the first class with a match decides; the order of rules within a class does not matter.
- Authenticated bypass rules (highest): allow rules that override block rules, applied only to traffic authenticated by IPsec from the specified remote computers
- Block connection rules: an explicit block always wins over an explicit allow for the same traffic
- Allow connection rules
- Default profile behavior (lowest): the Inbound Default / Outbound Default of the active profile
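The script below is added as an example (not code from the original page or from Intune) that ties the Custom Firewall Rules properties to the processing order above: for a given inbound port, protocol, program path and network profile it collects the effective rules that match, then applies authenticated bypass, block, allow and profile default in that order to say which rule decides. It assumes the NetSecurity cmdlets and reads the ActiveStore, so Intune-delivered, Group Policy and local rules are all considered. The program path in the usage line is illustrative.

```powershell
# Added example, not part of the original page: decide which rule would win for
# an inbound connection on this device, applying the documented order
# (authenticated bypass > block > allow > profile default) to the effective rule
# set. Reads the ActiveStore so Intune (MDM), Group Policy and local rules are
# all considered. Requires the NetSecurity module; run as administrator.
# Not modelled: Windows Service Hardening, connection security rules, and rule
# filters on remote address, remote port, interface type or service.

function Test-PortInFilter {
    # Port filters are 'Any', a port, a range 'a-b', or an array of those.
    param([string[]]$Filter, [int]$Port)
    foreach ($entry in $Filter) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        if ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

function Resolve-InboundDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][int]$LocalPort,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [string]$ProgramPath,   # full path of the listening executable, if known
        [ValidateSet('Domain', 'Private', 'Public')][string]$NetworkProfile = 'Domain'
    )

    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True
    $matched = foreach ($rule in $rules) {
        # Profile is a flags enum: 'Any' or a list such as 'Domain, Private'.
        $ruleProfiles = [string]$rule.Profile
        if ($ruleProfiles -ne 'Any' -and ($ruleProfiles -split ',\s*') -notcontains $NetworkProfile) { continue }

        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -ne 'Any' -and $port.Protocol -ne $Protocol) { continue }
        if (-not (Test-PortInFilter -Filter @($port.LocalPort) -Port $LocalPort)) { continue }

        $app = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -ne 'Any') {
            if (-not $ProgramPath) { continue }   # program-scoped rule, caller gave no program
            $rulePath = [Environment]::ExpandEnvironmentVariables($app.Program)
            if ($rulePath -ne [Environment]::ExpandEnvironmentVariables($ProgramPath)) { continue }
        }

        $sec = $rule | Get-NetFirewallSecurityFilter
        [pscustomobject]@{
            Name   = $rule.DisplayName
            Source = [string]$rule.PolicyStoreSourceType   # e.g. Local, GroupPolicy, Mdm
            Action = [string]$rule.Action
            Bypass = ($sec.OverrideBlockRules -eq 'True')   # authenticated bypass ("override block rules")
        }
    }

    # Apply the precedence: a bypass allow beats a block, a block beats a plain allow.
    $bypass = @($matched | Where-Object { $_.Bypass -and $_.Action -eq 'Allow' })
    $block  = @($matched | Where-Object { $_.Action -eq 'Block' })
    $allow  = @($matched | Where-Object { $_.Action -eq 'Allow' -and -not $_.Bypass })
    if     ($bypass) { $decision = 'Allow (authenticated bypass; only for IPsec-authenticated peers)'; $winner = $bypass }
    elseif ($block)  { $decision = 'Block (block rule overrides allow rules)';                        $winner = $block }
    elseif ($allow)  { $decision = 'Allow';                                                           $winner = $allow }
    else {
        $default = (Get-NetFirewallProfile -Name $NetworkProfile -PolicyStore ActiveStore).DefaultInboundAction
        $decision = "$default (profile default, no rule matched)"; $winner = @()
    }

    [pscustomobject]@{
        Query    = "$Protocol/$LocalPort inbound, $NetworkProfile profile" + $(if ($ProgramPath) { ", $ProgramPath" })
        Decision = $decision
        Rules    = $winner
    }
}

# Usage on a pilot device: an agent listening on TCP 8443 (path is illustrative).
Resolve-InboundDecision -LocalPort 8443 -ProgramPath 'C:\Program Files\Contoso\agent.exe' -NetworkProfile Domain |
    Format-List
```

The Source column is what makes this useful for Intune work: if the winning block rule comes from Local or GroupPolicy rather than Mdm, the fix is not another Intune allow rule (which would still lose) but removing or reconciling the conflicting source.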
Troubleshooting
- Application blocked — Check the dropped-packet log for inbound DROP entries on the application's port (default path %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log, or the log file configured per profile), then add a custom allow rule scoped to the application path. Confirm no block rule matches the same traffic, since block rules take precedence over allow rules
- Policy conflict — Review firewall policies whose assignments overlap on the same device groups; a setting configured differently by two policies is reported as a conflict and neither value is guaranteed to apply until one policy is changed or unassigned
- Firewall not enabled — Verify the policy is assigned to a group the device belongs to, force a sync, then confirm the effective state on the device with Get-NetFirewallProfile -PolicyStore ActiveStore
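For the "Application blocked" case, the following script is added as an example (not from the original page or from Intune) that parses the Windows Defender Firewall dropped-packet log and summarises inbound drops by protocol and destination port, so a user report can be traced to the exact port and sources before a custom rule is written. It reads the column names from the log's W3C "#Fields:" header rather than assuming positions; the sample log lines are constructed for this example.

```powershell
# Added example, not part of the original page: summarise inbound drops from
# the Windows Defender Firewall dropped-packet log so a "blocked application"
# report can be traced to a port, protocol and source before a custom allow
# rule is written. Parses the W3C "#Fields:" header instead of assuming column
# positions. The sample lines below are constructed for this example.

function ConvertFrom-FirewallLog {
    # Turns pfirewall.log lines into objects named after the #Fields: header.
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') { $fields = ($Matches[1] -split '\s+'); continue }
        if ($line -match '^#' -or [string]::IsNullOrWhiteSpace($line) -or -not $fields) { continue }
        $values = $line -split '\s+'
        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        [pscustomobject]$entry
    }
}

function Get-InboundDropSummary {
    # Inbound (RECEIVE) drops grouped by protocol and destination port.
    param([Parameter(Mandatory)][string[]]$Lines, [int]$Top = 10)
    ConvertFrom-FirewallLog -Lines $Lines |
        Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
        Group-Object protocol, 'dst-port' |
        ForEach-Object {
            [pscustomobject]@{
                Protocol = $_.Group[0].protocol
                DstPort  = $_.Group[0].'dst-port'
                Drops    = $_.Count
                Sources  = ($_.Group.'src-ip' | Sort-Object -Unique) -join ','
                First    = $_.Group[0].date + ' ' + $_.Group[0].time
            }
        } | Sort-Object Drops -Descending | Select-Object -First $Top
}

# Constructed sample in the real log format (header plus a few entries).
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:15:32 DROP TCP 10.0.0.5 10.0.0.20 51234 8443 52 S 123456 0 8192 - - - RECEIVE
2024-05-01 10:15:35 DROP TCP 10.0.0.5 10.0.0.20 51235 8443 52 S 123457 0 8192 - - - RECEIVE
2024-05-01 10:15:40 DROP TCP 10.0.0.9 10.0.0.20 40110 8443 52 S 999001 0 8192 - - - RECEIVE
2024-05-01 10:16:02 DROP UDP 10.0.0.7 10.0.0.20 5353 5353 120 - - - - - - - RECEIVE
2024-05-01 10:16:10 DROP TCP 10.0.0.20 203.0.113.8 50000 443 52 S 555000 0 8192 - - - SEND
2024-05-01 10:16:11 ALLOW TCP 10.0.0.5 10.0.0.20 51240 3389 52 S 123999 0 8192 - - - RECEIVE
'@ -split "`r?`n"

# On the sample: TCP/8443 with 3 drops from two sources, then UDP/5353 with 1.
Get-InboundDropSummary -Lines $SampleLog | Format-Table -AutoSize

# On a real device, read the log path the effective policy writes to:
# $logPath = [Environment]::ExpandEnvironmentVariables((Get-NetFirewallProfile -Name Domain -PolicyStore ActiveStore).LogFileName)
# Get-InboundDropSummary -Lines (Get-Content $logPath) | Format-Table -AutoSize
```

The outbound SEND drop and the ALLOW line are deliberately excluded: the question being answered is which inbound traffic the current inbound-default-Block posture is rejecting, which is exactly the traffic a custom inbound allow rule would need to cover.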
Best Practices
- Enable the firewall on all three profiles, including Domain; a domain network is not a trusted network
- Block inbound by default and open only what a rule explicitly allows
- Prefer rules scoped to an application path (and to the profiles that need them) over bare port rules, so a port opened for one program cannot be reused by any other process
- Enable dropped-packet logging on every profile and raise the log size limit so the log covers more than a short window
- Test rules on pilot devices and review the dropped-packet log there before assigning to broad device groups
API Reference
- GET /api/devices/security/firewall/policies — List policies
- POST /api/devices/security/firewall/policies — Create policy
- GET /api/devices/security/firewall/status — Get status
- GET /api/devices/security/firewall/rules — List rules