Add firewall, AV, UAC to compliance policy
In Windows 10 1607, devicestatus.csp was extended to include support for AV, firewall and UAC status.
However, none of these features can be utilised in Intune compliance policies. We would like the ability to block access to corporate resources if AV or FW are disabled, etc. Whilst Windows 10 device health attestation can check for ELAM, this requires TPM 2.0.
As the Windows 10 product team has added these capabilities into the OS... please add them into Intune! Unlike configuration policies we cannot create custom compliance policies in order to take advantage of these features ourselves. Allowing custom compliance policy will be my next idea :-).
For the release the week of Nov 6:
Admins can now configure the Firewall settings on a device using a device configuration profile
Admins can turn on firewall for devices, and also configure various protocols for domain, private, and public networks. These firewall settings can be found in the “Endpoint protection” profile.
Oliver Kieselbach commented
Hey Cathy, I think the request targets the compliance check, not the ability to configure it. We want to see the compliance check if AV is enabled and FW is enabled, like we already have for, e.g., if BitLocker is enabled. Is this something you are planning or have started already?