Microsoft Intune Feedback

How can we improve Microsoft Intune

Manage Windows 10 1709 port specific firewall rules with Intune

Windows 10 1709 devices support the Firewall CSP (https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp), which allows creating port-specific firewall rules via the MDM channel. Please add support to Intune to manage those firewall rules.

127 votes
panu.saukko shared this idea

8 comments

  • Anonymous commented

    We've been unable to configure this via CSP.

    Even if we could get firewall rules working by CSP this would be an important step over the current situation.

    The following is from:
    https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp#feedback

    "I opened a ticket to Azure support (REG:118083118906763) and after 2 months of escalations they stated this does not work on Intune:

    “Basically, the capability of enabling a rule in Firewall that will enable a port such as TCP 3389 using custom policies is not currently possible using a CSP. There, just, aren’t any CSPs currently available to allow ports in Windows Firewall.”"

  • Rob Broughall commented

    Still no news on this? The guidance doesn't work, we tried a support case and got nowhere. Seems a bit crazy that documentation has been released which just doesn't work.

  • Danny Murphy commented

    This lack of feature means we cannot attain accreditations, as we have no control over ports on the endpoints. This means that, as a CSP, we cannot push the product to our customers.

  • A Thorne commented

    I have been asked to submit a feature request from my Microsoft premier support to this URL, so here it goes. My organization is requesting Firewall Rules control through MDM/Intune. Ideally it should be located in a module of Intune alongside the Antivirus in the same fashion as "Device Enrollment, Device compliance, and Device Configuration." This feature is essential to standing up against any security audit that my org might undergo. We would like to see the ability to add exclusions to IP addresses as well. Intune will not pass muster in its present form with security audits due to the lack of Firewall control, as well as the multiple problems applying configuration profiles to endpoints.

  • Mathieu Aït Azzouzene commented

    It has been a year and Firewall CSP is still a mess; I keep getting errors when I try to add Firewall Rules using the Firewall CSP within Intune.

  • Claudio Rifo commented

    Or at least add some examples to the firewall-csp documentation.

    Has anyone been able to use the firewall-csp to create or activate an existing rule?
