Manage Defender Firewall

Use this operation to add or remove rules for managing Defender Firewall traffic.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Device Security

Domain: TBD

Modifies: TBD

When to Perform this Operation

As Needed: Proactive or in Response to User/Security

Technical Description and Importance

Managing sanctioned and unsanctioned Defender Firewall traffic is essential to controlling network communication while ensuring business continuity. Firewall rules determine which applications, services, or network endpoints can interact with systems, directly influencing system security and operational workflows. Adding or removing rules enables flexibility to adapt to organizational changes, regulatory requirements, and evolving threat landscapes. Regularly managing these rules prevents unauthorized access, mitigates risks, and aligns with operational goals for maintaining a secure and functional network environment.

Management Options

• Add a Firewall Rule
• Remove a Firewall Rule

Add a Firewall Rule:

Purpose
Create a new rule to allow or block specific traffic in Defender Firewall.
Use Case
A new internal application requires access to a specific port to function correctly.

Remove a Firewall Rule:

Purpose
Delete an existing rule to restrict previously allowed traffic in Defender Firewall.
Use Case
Access to a deprecated service must be revoked to prevent unnecessary network exposure.

Operation	Action	Target
Add a Firewall Rule	Addition	Sanctioned Defender Firewall Traffic
Remove a Firewall Rule	Removal	Unsanctioned Defender Firewall Traffic

Add a Firewall Rule

This operation adds a new rule to Defender Firewall to allow or block specific traffic.

       1. Defender Firewall Rule Addition

Remove a Firewall Rule

This operation removes an existing rule in Defender Firewall to restrict specific traffic.

       1. Defender Firewall Rule Removal

Need Assistance?