Microsoft is releasing enhanced Windows Defender Firewall capabilities in Intune that let admins reuse settings groups across the Firewall policies targeting their devices and users, and that support rules based on Fully Qualified Domain Names (FQDNs).
According to Microsoft, the new Intune capabilities are designed to simplify management and give IT admins more advanced controls for configuring Firewall rules: a settings group is defined once and then referenced from any number of policies.
A group holds properties that the referencing policies inherit, namely remote IP address ranges and Fully Qualified Domain Names (FQDNs), the latter with optional auto-resolution.
These settings apply to Windows 10, version 20H2 and later, and to Windows 11.
On the Firewall pane of Endpoint security in Intune, admins will see a new “Reusable settings” tab, which lists the existing settings groups along with the number of Firewall policies that use each group.
To begin, the admin creates a new reusable settings group, gives it a name and description, and then defines its properties.
Remote IP address ranges can be entered manually or imported from a file, much as when configuring a manual Firewall rule.
The new settings also allow FQDNs in the rule definition. If the “Auto-Resolve” flag is set to true, the ‘keyword’ field of the object is expected to hold a fully qualified domain name, and the IP addresses are resolved automatically on the target device, according to Microsoft.
Microsoft Defender Antivirus must be the primary antivirus and network protection must be enabled on the target devices; otherwise, the company says, the target devices will not enforce a rule that uses an FQDN keyword. A device running a third-party antivirus with Defender in passive mode does not meet this requirement, so FQDN-based rules should not be relied on there without first checking it.
When the reusable setting group has been saved, it will appear in the Reusable settings group list. At any point, admins can edit the group properties.
Going forward, when admins configure a new Windows 10, version 20H2+ or Windows 11 client Firewall Rules policy, they will see the option to reference any existing reusable setting group. By selecting the “Set reusable groups” link, the list of existing groups will appear. The admin may then add one or more groups and the Firewall rule will inherit their properties, per a Microsoft blog.
Admins can still configure Firewall rules and their properties manually; within one policy they can mix rules that reference reusable groups, rules defined manually, and rules that do both.
Microsoft says admins can edit a Firewall rule to add or remove reusable groups. If a reusable group's properties are added, removed, or altered, every Firewall policy that inherits from the group inherits the change, which makes a shared group a single point of change worth guarding: one edit alters every policy that references it.
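The article describes the Intune side of the procedure and the device-side prerequisites for FQDN rules, but not how to confirm on a device that the rule arrived and can be enforced. The PowerShell script below is an added example, not code from the article or from Microsoft. Run on a target device after the Intune policy has synced, it checks the two prerequisites Microsoft states (Defender Antivirus primary, network protection enabled), then inspects the rule as written to the local firewall. The rule display name and the FQDN are hypothetical; whether an Intune-created group appears as a local dynamic keyword address object is an assumption to verify per build, so that step is guarded.

```powershell
# Added example (not from the article or from Microsoft): verify on a target
# device that an Intune Firewall rule using a reusable FQDN group can be enforced.
# $RuleDisplayName and $Fqdn are hypothetical values for illustration.
param(
    [string]$RuleDisplayName = 'Allow-Corp-Portal-FQDN',
    [string]$Fqdn            = 'portal.contoso.example'
)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Defender must be the active AV ('Normal'), not 'Passive Mode' or 'EDR Block Mode'.
$avPrimary = $status.AntivirusEnabled -and $status.AMRunningMode -eq 'Normal'
# EnableNetworkProtection: 0 = disabled, 1 = block, 2 = audit. This check treats
# only block mode as satisfying the requirement (a conservative assumption).
$npEnabled = $pref.EnableNetworkProtection -eq 1

[pscustomobject]@{
    AntivirusEnabled        = $status.AntivirusEnabled
    AMRunningMode           = $status.AMRunningMode
    EnableNetworkProtection = $pref.EnableNetworkProtection
    FqdnRulesEnforceable    = [bool]($avPrimary -and $npEnabled)
} | Format-List

if (-not ($avPrimary -and $npEnabled)) {
    Write-Warning 'Prerequisites not met: a rule using an FQDN keyword will not be enforced on this device.'
}

# The rule itself, as Intune wrote it to the local firewall.
$rule = Get-NetFirewallRule -DisplayName $RuleDisplayName -ErrorAction SilentlyContinue
if (-not $rule) {
    Write-Warning "Rule '$RuleDisplayName' not present; check policy assignment and run a sync."
} else {
    $rule | Select-Object DisplayName, Enabled, Direction, Action, Profile | Format-List
    # Static remote IP ranges attached to the rule (manual or imported definitions).
    $rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
}

# Dynamic keyword address objects (keyword, AutoResolve flag, resolved addresses).
# Assumption: the cmdlet exists on this build and Intune's FQDN group surfaces here.
if (Get-Command Get-NetFirewallDynamicKeywordAddress -ErrorAction SilentlyContinue) {
    Get-NetFirewallDynamicKeywordAddress |
        Where-Object { $_.Keyword -eq $Fqdn } |
        Select-Object Id, Keyword, AutoResolve, Addresses
} else {
    Write-Warning 'Get-NetFirewallDynamicKeywordAddress is not available on this build.'
}
```

If FqdnRulesEnforceable comes back False, fix the antivirus mode or network protection setting before trusting the policy: the rule will be listed by Get-NetFirewallRule but its FQDN portion is not enforced.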
For more information on tracing and troubleshooting Intune Firewall rule settings, see Microsoft's guide, How to trace and troubleshoot the Intune Endpoint Security Firewall rule creation process.