Microsoft Intune Gets New Windows Defender Firewall Management Features


Microsoft has introduced several new features to its Microsoft Intune admin center. The company highlighted that these updates should help IT admins boost security and improve Defender Firewall management.

Microsoft announced that Windows Defender Application Control (WDAC) Application ID tagging support is now available with Intune Firewall Rules policy. It enables customers to scope firewall rules to a specific app or group of applications. The feature is currently available for Windows 11 devices, with support for Windows 10 version 20H2 (and newer) to follow later this month.

“The WDAC AppID functionality adds an administrator-defined tag to the given process token. By using these tags, the Firewall Rules policy won’t need to rely on an absolute file path or use of a variable file path that can reduce the rule security. Use of this capability requires you to have WDAC policies in place, which include AppId tags,” Microsoft explained.


Microsoft has also added endpoint security firewall policy support for network list manager settings. This capability lets IT admins identify whether an Azure AD device is connected to subnets within their on-premises domain. Moreover, it’s now possible to use the IcmpTypesAndCodes setting to set up inbound and outbound rules for Internet Control Message Protocol (ICMP). IT admins can access the setting in the Microsoft Defender Firewall rules profile on Windows Server, Windows 11, and Windows 10.

Finally, Microsoft released a new feature that enables administrators to configure firewall logging options in the endpoint security Firewall policy. The list of new settings includes Log File Path, Enable Log Success Connections, Enable Log Ignored Rules, and Enable Log Dropped Packets.
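Once an Intune Firewall policy with these logging options and ICMP rules has been assigned, an admin will want to confirm on a device that the settings actually landed. The following PowerShell is an added verification script, not code from the article or from Microsoft; it reads the active firewall store with the built-in NetSecurity cmdlets, and the expected log path and log flags in `$expected` are assumed values to be replaced with whatever the policy sets.

```powershell
# Added example (not from the article): verify Intune-delivered firewall logging
# settings and list the ICMP rules present in the active policy store.
# The values in $expected are assumptions for illustration; adjust to your policy.
$expected = @{
    LogFileName = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'  # Log File Path
    LogAllowed  = 'True'   # Enable Log Success Connections
    LogIgnored  = 'True'   # Enable Log Ignored Rules
    LogBlocked  = 'True'   # Enable Log Dropped Packets
}

function Test-FirewallLoggingCompliance {
    param([hashtable]$Expected)
    # ActiveStore shows the effective (merged local + policy) configuration.
    foreach ($profile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        foreach ($setting in $Expected.Keys) {
            $actual = [string]$profile.$setting   # GpoBoolean values stringify to True/False/NotConfigured
            [pscustomobject]@{
                Profile   = $profile.Name
                Setting   = $setting
                Expected  = $Expected[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $Expected[$setting])
            }
        }
    }
}

function Get-IcmpFirewallRules {
    # Port filters carry the protocol and ICMP type/code; join back to the owning rule.
    Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object { $_.Protocol -in 'ICMPv4', 'ICMPv6' } |
        ForEach-Object {
            $rule = $_ | Get-NetFirewallRule
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Enabled   = $rule.Enabled
                Direction = $rule.Direction
                Action    = $rule.Action
                Protocol  = $_.Protocol
                IcmpType  = $_.IcmpType
            }
        }
}

# Report only the drifted logging settings, then the ICMP rules, for a quick review.
Test-FirewallLoggingCompliance -Expected $expected | Where-Object { -not $_.Compliant } | Format-Table
Get-IcmpFirewallRules | Format-Table
```

Any row returned by the first command indicates a profile whose logging configuration differs from the policy and is worth checking against the device's Intune policy assignment and sync status.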

How to configure Windows Defender Firewall management settings in Microsoft Intune

Microsoft notes that IT Pros can configure the new settings by heading to the Microsoft Intune admin center >> Endpoint security >> Firewall. They can access policy templates through Create policy >> Windows 10, Windows 11, and Windows Server >> Microsoft Defender Firewall or Microsoft Defender Firewall Rules. However, this security capability is not available for Windows machines with the Security Management for Microsoft Defender for Endpoint attach solution.

In related news, Microsoft announced that IT admins can now configure and manage Windows LAPS on Windows endpoints with Microsoft Intune. This capability is available in public preview for enterprise customers.