Microsoft improves control over firewall rule configuration with Defender


Microsoft releases enhanced Windows Defender Firewall security features that allow group settings to be reused to target devices and users and support the use of FQDN rules.

According to Microsoft, these new Intune features are designed to simplify management and provide more advanced controls for configuring firewall rules, giving IT administrators the ability to reuse settings groups in policies and create and manage groups containing properties that can be reused in policies.

Administrators can create and manage groups that contain properties for reuse in policies, including properties for remote IP address ranges and fully qualified domain name (FQDN) and auto-resolution.

These settings apply to Windows 10, version 20H2 and later, and Windows 11.

In the Endpoint Security Firewall pane in Intune, administrators will see a new tab available to manage their “Reusable Settings” which displays a list of existing setting groups and the number of firewall policies that use this particular parameter group.

To start, the administrator creates a new “reusable parameters” group, giving it a name and a description, then defines its properties.

There are options to include remote IP address ranges, which is similar to setting up a manual firewall rule, via manual definition or importing a file.

The new settings introduce the ability to use FQDNs as part of the rule definition. If the “Auto-resolve” flag is set to true, the “keyword” field of this object should be a fully qualified domain name and IP addresses will be automatically resolved on the target device, according to Microsoft.

Microsoft Defender for Endpoint Antivirus must be primary and network protection must be enabled on target devices. If not configured, target devices will not apply the rule with the FQDN keyword, the company says.

When the reusable parameter group has been saved, it appears in the list of reusable parameter groups. At any time, admins can edit group properties.

Going forward, when administrators configure a new Windows 10, version 20H2+ or Windows 11 Client Firewall Rules policy, they will see the option to reference any existing reusable settings group. By selecting the “Define reusable groups” link, the list of existing groups will appear. The administrator can then add one or more groups and the firewall rule will inherit their properties, according to Microsoft Blog.

Administrators can continue to manually configure firewall rules and their properties and reference groups, and they can also mix and match other rules that reference reusable groups, have a manual definition in the policy, or of them.

Microsoft says administrators can edit a firewall rule to remove or add reusable groups. If a reusable group’s properties are added, removed, or modified, firewall policies inheriting its group properties will also inherit the changes.

For more information about tracking and troubleshooting Intune firewall rule settings, see additional information in How to track and troubleshoot the Intune Endpoint Security firewall rule creation process.


About Author

Comments are closed.