S02E20 - How to Import Microsoft Defender Firewall Rules into Microsoft Intune Policies - (I.T)
- Published: 4 Aug 2024
- In this video the guys discuss migrating Microsoft Defender Firewall rules from Group Policy to Microsoft Intune. They cover the basics of using Endpoint Security to set up the baseline firewall policy, then demo a script that imports already-configured firewall rules directly into Intune.
00:00 - Intro
01:20 - Group policy firewall policies
05:40 - Intune firewall policies
08:09 - S01E40 - Deep Dive into Intune Endpoint Security with Microsoft PM Matt Shadbolt
08:50 - Endpoint security firewall policies
11:35 - Endpoint security firewall rule migration tool
docs.microsoft.com/mem/intune...
23:20 - Migration tool logs
26:25 - Sign off
Visit our websites and social media for more or to get in touch with us
Steve Hosking - Microsoft MMD Team
/ onpremcloudguy
steven.hosking.com.au/
mvp.microsoft.com/en-us/Publi...
github.com/onpremcloudguy
Adam Gross - Microsoft MVP - Enterprise Mobility
/ adamgrosstx
www.asquaredozen.com
github.com/AdamGrossTX
mvp.microsoft.com/en-us/Publi...
Ben Reader - Microsoft MVP - Enterprise Mobility
/ powers_hell
www.powers-hell.com/
github.com/tabs-not-spaces
mvp.microsoft.com/en-us/Publi...
The material was great! However, Adam was all over the place with what he was up to and the options available. It left me looking into it for myself (which is a good idea anyway). His confusion becomes our confusion. At least the script is a good tool in the belt. The joy of doing it live!
Thanks for the feedback. The initial plan was to just cover the script but then we changed at the last minute and it got us off track. Hopefully it still got you where you needed to be.
Super Solid !
Thanks for the video, this helps. One of the challenges, as you mentioned, is the private profile for the corporate network: where do we put the corporate subnet details in the rules section?
So for the most part we use the default Windows Defender rules. If I simply want to add a new global rule to allow a single program to run can I just create that single rule and have it pushed out to end user devices or do I have to export my entire policy/profile first, configure it in Intune and then add that single firewall change?
Thanks for pointing out and going over the script! We didn't actually see what happens when a Windows 10 device gets the firewall rule policy created in the video, but when I tested the script and applied the resulting policy to a device I found some odd behavior on the device between the Windows Defender Firewall Control Panel "Allowed Apps" view of the rules and the "Windows Defender Firewall with Advanced Security" view of the rules:
1) the rules from the policy seem to be created and enabled in the former but are not enabled in the latter
2) when I create additional rules manually in the same firewall rule policy, they show up in the former but are not present in the latter (or via Get-NetFirewallRule)
3) Nevertheless, the rules do seem to have a functional effect (they work).
Anyone see similar behavior?
Thanks. If we harden the firewall, disable any local rules and rule merging, and do only one firewall policy from Intune, how do we know which inbound/outbound rules are required so as not to cause service issues between the machine and the Intune cloud? E.g. firewall requirements for the Intune client?
docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
@IntuneTraining Thanks. By the way, firewall management via Intune if the machine is only AAD joined and not domain joined is a bit different, as the deployed firewall rules don't show under the "Inbound" and "Outbound" sections in Windows Defender Firewall with Advanced Security; they only show under the "Monitoring" section.
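As an added example for the two observations above (rules that work but are missing from the Inbound/Outbound nodes and from a plain Get-NetFirewallRule), the following PowerShell is not the video's migration script or Adam's toolbox code. It compares the locally persisted rule store with the rules actually in effect and lists the ones that only exist in the effective set, with the store they came from; it assumes an elevated session on Windows 10/11 with the built-in NetSecurity module.

```powershell
# Added example, not code from the video. Lists firewall rules that are in
# effect on the device but are not in the local persistent store, which is
# one way to surface MDM/Intune-delivered rules that wf.msc shows only under
# "Monitoring". Run in an elevated PowerShell session.

function Get-EffectiveOnlyFirewallRules {
    param(
        # Optional wildcard on DisplayName, e.g. 'Teams*'
        [string]$DisplayNameFilter = '*'
    )

    # PersistentStore: rules saved locally on the device. This is what the
    # Inbound/Outbound nodes of wf.msc and a bare Get-NetFirewallRule show.
    $local = Get-NetFirewallRule -PolicyStore PersistentStore -ErrorAction SilentlyContinue

    # ActiveStore: every rule currently enforced, whatever its origin
    # (local, Group Policy, MDM, dynamic). This is what "Monitoring" shows.
    $active = Get-NetFirewallRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue

    # Index local rules by their unique Name (not DisplayName, which can repeat)
    $localNames = @{}
    foreach ($rule in $local) { $localNames[$rule.Name] = $true }

    $active |
        Where-Object {
            $_.DisplayName -like $DisplayNameFilter -and
            -not $localNames.ContainsKey($_.Name)
        } |
        Select-Object DisplayName, Enabled, Direction, Action, Profile,
                      PolicyStoreSource, PolicyStoreSourceType
}

# Usage: show only the rules that exist in the effective set, newest first by name
Get-EffectiveOnlyFirewallRules |
    Sort-Object Direction, DisplayName |
    Format-Table -AutoSize
```

If a rule you pushed from Intune shows up here but not in a plain Get-NetFirewallRule, the rule is being applied; it is simply held in a policy store other than the local one.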
Is anyone having difficulty running this script? It asks me for the Profile Name, and after that it does nothing.
Are you running as local admin? It is going to install a lot of things, or did you bypass that already?
I worked out that to get it working you need to create an empty policy first in Intune under Firewall, then run the script with the same profile name you created and boom.
@davidbourne2006 I've been battling this for a while now, have a ticket open w/Microsoft and they have no clue. Your solution worked like a charm!
@davidbourne2006 I tried doing it but no luck 😢 any other suggestions?
At 14:50, the Teams firewall rule sounds useful. Be handy to have some more info on this.
github.com/AdamGrossTX/Toolbox/tree/master/Intune/Proactive%20Remediations/TeamsFirewallRule
@IntuneTraining Thank you so much! I appreciate your time in replying to my comment.
Great video. But I run the script with admin rights, confirming it's elevated and that I have permissions in Intune, yet the script asks for a profile name and then seems to just hang. I verified my permissions and got someone to double check, but it just sits there. Left it for hours and no change. Tried other devices to rule out my machine. Have you guys seen this happen? I see another comment below from someone with the same issue. Thanks
same here, did you fix it?
Any solution?
@lidiaoleska9591 did you have any luck?
How do you block all countries except the US?
This guy has a blog that may help with that www.gregsitservices.com/blog/2016/02/blocking-unwanted-countries-with-windows-firewall/
@IntuneTraining Thank you
@IntuneTraining Can this be implemented through Intune policies?
Unfortunately this tool seems to be obsolete as it relies on the 'old' way of accessing Azure.
Yep. But the video is also about 4 years old. They have a whole new firewall rule interface now.