Defender Firewall Blocked Traffic Rule Addition

This guide will allow administrators to establish a desired network traffic block that will be enforced on registered Intune device.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Device Security

Domain: Firewall Management

Modifies: Unsanctioned Firewall Traffic

Defender Firewall Blocked Traffic Rule Addition

  1. Navigate to Firewall – Intune, select the Security Essentials Firewall Rules policy.
  2. Scroll down to Configuration Settings, select Edit.
  3. Find and select the Add feature, followed by selecting Edit Rule.
  4. A pop up will be displayed; make sure to Enable the rule, provide a Name, specify the desired TCP/UDP Port Ranges, specify the desired Network Interface Types, specify the desired Firewall Network Types, set the Direction for the network traffic block, set the action to Block, and specify the Protocol as TCP(6) or UDP(17) depending on the traffic. Once all of the items are configured, select Save to generate the rule.

  5. The rule should now show up in the list, select Review + Save, followed by Save. The rule changes will be propagated at the next device check-in, usually within 1-2 hours.

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.