Manage Windows 10 1709 port specific firewall rules with Intune
Windows 10 1709 devices support Firewall CSP (https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp) that allows creating port specific firewall rules via MDM channel. Please add support to Intune to manage those firewall rules.
Great news, this feature is now generally available. If there are any additional features that you want to suggest please create a new suggestion. You can find What’s New at this link: https://docs.microsoft.com/en-us/intune/whats-new#advanced-settings-for-windows-defender-firewall—-
We are all waiting for it!
Still not working
Gabriel Nordén commented
Hello, Is there any news when it will be released?
Looks like they removed the feature from What's New??
We've been unable to configure this via CSP.
Even if we could get firewall rules working by CSP this would be an important step over the current situation.
The following is from:
"I opened a ticket to Azure support (REG:118083118906763) and after 2 months of escalations they stated this does not work on Intune:
“Basically, the capability of enabling a rule in Firewall that will enable a port such as TCP 3389 using custom policies is not currently possible using a CSP. There, just, aren’t any CSPs currently available to allow ports in Windows Firewall.”"
Rob Broughall commented
Still no news on this? The guidance doesn't work, we tried a support case and got nowhere. Seems a bit crazy that documentation has been released which just doesn't work.
Danny Murphy commented
The lack of this feature means we cannot attain accreditations, as we have no control over ports on the endpoints. This means that, as a CSP, we cannot push the product to our customers.
A Thorne commented
I have been asked by my Microsoft Premier support to submit a feature request to this URL, so here it goes. My organization is requesting Firewall Rules control through MDM/Intune. Ideally it should be located in a module of Intune alongside the Antivirus in the same fashion as "Device Enrollment, Device compliance, and Device Configuration." This feature is essential to standing up against any security audit that my org might undergo. We would like to see the ability to add exclusions to IP addresses as well. Intune will not pass muster in its present form with security audits due to the lack of Firewall control, as well as the multiple problems applying configuration profiles to endpoints.
Mathieu Aït Azzouzene commented
It has been a year and Firewall CSP is still a mess; I keep getting errors when I try to add Firewall Rules using the Firewall CSP within Intune.
Claudio Rifo commented
Or at least add some examples to the firewall-csp documentation.
Has anyone been able to use the firewall-csp to create or activate an existing rule?
It's a great idea.