Firewall Policy Modification

This guide will provide background information on modifying an existing set of Windows Defender Firewall settings.

Endpoint Firewall

While many security practitioners are familiar with managing a central firewall, a newer concept to some may be the management of an endpoint firewall. While endpoint firewalls represent a typographically different approach to managing network traffic, with the help of the Endpoint Management Console, management of all corporate device firewalls can work to imitate the functionality of a centrally located firewall arrangement. By publishing firewall rules, the devices will abide by those rules as a collective and allow for changes in rules to be made easily and quickly.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Modifying a Device Defender Firewall Rule

1. Navigate to Firewall – Intune, select the policy you wish to alter.
   
2. Upon opening the policy, select Properties; all the information of the policy will be displayed. 4 points of interest will be available to you can modify the sections as needed.
   1. Basics: Adjusts non-functional aspects of the rule, such as the Name of the policy.
      
   2. Assignments: Specifies which groups will be included or excluded from Firewall Rule Enforcement.
      
   3. Scope tags: Specifies which administrators can view and alter this object.
      
   4. Configuration Settings: Allows you to set specific network traffic block or allowances that the firewall will enforce on the specified groups devices.
      
3. The Sections will all have the same prompt for adjustments, either add, remove, or delete the setting and select Review + Save to finalize the changes.
   
4. Once on the revisions page, if all the necessary adjustments look correct, select Save to finalize the modification process.