Managing your Firewall in Endpoint Manager is now in preview.

Hello there,

When looking at my Microsoft Endpoint Manager dashboard today, I noticed a number of new preview features have arrived. Next up, I am going to be looking at Firewall capabilities via Endpoint Security.

Microsoft Endpoint Manager has a new home

Microsoft Endpoint Manager is now accessed at a new URL, http://endpoint.microsoft.com, which replaces http://devicemanagement.microsoft.com

This new preview feature supports the following scenarios:

Windows 10 – Microsoft Defender Firewall

Microsoft Defender Firewall

Now let’s look at the settings that are available to us today; the information below has been taken directly from the MEM Dashboard.

| Setting | Action | Definition |
| --- | --- | --- |
| Disable stateful File Transfer Protocol (FTP) | Yes / Not configured | If not configured, the firewall will use FTP to inspect and filter secondary network connections, which could cause your firewall rules to be ignored. |
| Number of seconds a security association can be idle before it’s deleted | Enter idle time in seconds (300 – 3600) | How long the security associations are kept after network traffic is not seen. The number must be from 300 to 3600 seconds. When not configured, the system will delete a security association after it’s been idle for 300 seconds. |
| Preshared key encoding | Not configured / None / UTF8 | If you don’t require UTF-8, preshared keys will initially be encoded using UTF-8. After that, device users can choose another encoding method. |
| Firewall IP sec exemptions allow neighbor discovery | Yes / Not configured | Firewall IP sec exemptions allow neighbor discovery |
| Firewall IP sec exemptions allow ICMP | Yes / Not configured | Firewall IP sec exemptions allow ICMP |
| Firewall IP sec exemptions allow router discovery | Yes / Not configured | Firewall IP sec exemptions allow router discovery |
| Firewall IP sec exemptions allow DHCP | Yes / Not configured | Firewall IP sec exemptions allow DHCP |
| Certificate revocation list (CRL) verification | Not configured / None / Attempt / Require | Specify how certificate revocation list (CRL) verification is enforced. When set to not configured the client default is to disable CRL verification. |
| Require keying modules to only ignore the authentication suites they don’t support | Yes / Not configured | When this setting is set to yes, keying modules will ignore unsupported authentication suites. |
| Packet queuing | Not configured / Disabled / Queue Inbound / Queue Outbound / Queue Both | Specify how scaling for the software on the receive side is enabled for the encrypted receive and clear text forward for the IPsec tunnel gateway scenario. This ensures that the packet order is preserved. When this is set to not configured, packet queuing will be returned back to client default which is disabled. |
| Turn on Microsoft Defender Firewall for domain networks | Not configured / Yes / No | When this setting is set to yes, the Microsoft Defender Firewall for this network type (domain) will be turned on and enforced. When it’s set to not configured, the client will return to default which is to enable firewall. To disable the firewall, set to no. |
| Turn on Microsoft Defender Firewall for private networks | Not configured / Yes / No | When this setting is set to yes, the Microsoft Defender Firewall for this network type (private) will be turned on and enforced. When it’s set to not configured, the client will return to default which is to enable firewall. To disable the firewall, set to no. |
| Turn on Microsoft Defender Firewall for public networks | Not configured / Yes / No | When this setting is set to yes, the Microsoft Defender Firewall for this network type (public) will be turned on and enforced. When it’s set to not configured, the client will return to default which is to enable firewall. To disable the firewall, set to no. |

Once you have created your new policy, make sure you have applied a scope tag and assigned the policy to the relevant security groups before saving.
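Assigning the policy is only half the job; the other half is confirming that the device actually ended up in the state the table describes. The script below is an added example, not code from the original post or from Microsoft. It reads the effective Windows Defender Firewall configuration with the built-in NetSecurity cmdlets (`Get-NetFirewallProfile` and `Get-NetFirewallSetting`, both queried against the ActiveStore so that MDM-delivered and local settings are merged) and compares it with the values a policy built from the table above is expected to enforce. The `$Expected` values are assumptions chosen to illustrate the check; change them to match the policy you assigned. The mapping of the dashboard's "Disabled" packet-queuing option onto the cmdlet's `None` enum value is likewise an assumption.

```powershell
# Added example (not from the original post or from Microsoft): compare an
# enrolled Windows 10 device's effective Defender Firewall state with the
# values a MEM Endpoint Security firewall policy is expected to enforce.
# Run in an elevated PowerShell session on the managed device.
# $Expected holds assumed values for illustration; adjust to your policy.

$Expected = @{
    ProfilesEnabled     = @('Domain', 'Private', 'Public')  # "Turn on Microsoft Defender Firewall for ... networks" = Yes
    StatefulFtpDisabled = $true        # "Disable stateful File Transfer Protocol (FTP)" = Yes
    CertValidationLevel = 'Require'    # "Certificate revocation list (CRL) verification" = Require
    SaIdleSeconds       = 300          # "Number of seconds a security association can be idle" (300-3600)
    KeyEncoding         = 'UTF8'       # "Preshared key encoding" = UTF8
    RequireFullAuth     = $true        # "Require keying modules to only ignore ... they don't support" = Yes
    PacketQueuing       = 'None'       # "Packet queuing" = Disabled (assumed to surface as None in the cmdlet)
    IPsecExemptions     = @('Dhcp', 'Icmp')  # "Firewall IP sec exemptions allow DHCP / ICMP" = Yes
}

function Test-DefenderFirewallPolicy {
    [CmdletBinding()]
    param([Parameter(Mandatory)][hashtable]$Expected)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Per-profile on/off switch. ActiveStore is the effective configuration
    # after local, Group Policy and MDM-delivered settings are merged.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
    foreach ($name in $Expected.ProfilesEnabled) {
        $p = $profiles | Where-Object Name -eq $name
        if (-not $p -or "$($p.Enabled)" -ne 'True') {
            $findings.Add("Profile '$name' is not enabled (Enabled=$($p.Enabled))")
        }
    }

    # The remaining rows of the table are global settings on Get-NetFirewallSetting.
    $s = Get-NetFirewallSetting -PolicyStore ActiveStore

    if ($Expected.StatefulFtpDisabled -and "$($s.EnableStatefulFtp)" -ne 'False') {
        $findings.Add("Stateful FTP inspection is not disabled (EnableStatefulFtp=$($s.EnableStatefulFtp))")
    }
    if ("$($s.CertValidationLevel)" -ne $Expected.CertValidationLevel) {
        $findings.Add("CRL verification is '$($s.CertValidationLevel)', expected '$($Expected.CertValidationLevel)'")
    }
    if ([int]$s.MaxSAIdleTimeSeconds -ne $Expected.SaIdleSeconds) {
        $findings.Add("SA idle time is $($s.MaxSAIdleTimeSeconds)s, expected $($Expected.SaIdleSeconds)s")
    }
    if ("$($s.KeyEncoding)" -ne $Expected.KeyEncoding) {
        $findings.Add("Preshared key encoding is '$($s.KeyEncoding)', expected '$($Expected.KeyEncoding)'")
    }
    if ($Expected.RequireFullAuth -and "$($s.RequireFullAuthSupport)" -ne 'True') {
        $findings.Add("RequireFullAuthSupport is $($s.RequireFullAuthSupport), expected True")
    }
    if ("$($s.EnablePacketQueuing)" -ne $Expected.PacketQueuing) {
        $findings.Add("Packet queuing is '$($s.EnablePacketQueuing)', expected '$($Expected.PacketQueuing)'")
    }
    # Exemptions is a flags value rendered like "Dhcp, Icmp"; require each expected flag.
    foreach ($ex in $Expected.IPsecExemptions) {
        if ("$($s.Exemptions)" -notmatch "\b$ex\b") {
            $findings.Add("IPsec exemption '$ex' is not set (Exemptions=$($s.Exemptions))")
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

# Usage: print the result and exit non-zero on drift so the script can be
# used as a detection step in a remediation or monitoring job.
$result = Test-DefenderFirewallPolicy -Expected $Expected
$result | Format-List
if (-not $result.Compliant) { exit 1 }
```

Every check compares the string form of the enum the cmdlet returns, so a `NotConfigured` value shows up in the findings as a mismatch rather than being silently treated as "on"; that is the case you most want to catch when a policy has been assigned but has not yet reached the device.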

macOS – macOS Firewall

Firewall

Now let’s look at the settings that are available to us today; the information below has been taken directly from the MEM Dashboard.

| Setting | Action | Definition |
| --- | --- | --- |
| Enable Firewall | Yes / Not configured | Enable Firewall to configure how incoming connections are handled in your environment. |
| Block all incoming connections | Yes / Not configured | Block all incoming connections except those required for basic Internet services such as DHCP, Bonjour, and IPSec. This will block all sharing services. |
| Enable stealth mode | Yes / Not configured | Enabling stealth mode prevents the computer from responding to probing requests. The computer still answers incoming requests for authorized apps. |
| Firewall apps | | Set rules for incoming connections for the following apps. |

Once you have created your new policy, make sure you have applied a scope tag and assigned the policy to the relevant security groups before saving.
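The same verification idea applies on the Mac. This is an added example, not code from the original post or from Apple or Microsoft: it runs under PowerShell 7 (pwsh) on the managed Mac, queries Apple's `/usr/libexec/ApplicationFirewall/socketfilterfw` tool for the global state, block-all and stealth-mode flags that correspond to the three settings in the table, lists the per-app rules that correspond to "Firewall apps", and reports drift from the expected values. The `$Expected` values are assumptions picked to illustrate the check, and the parser only looks for the words "enabled" or "disabled" in the tool's output rather than relying on exact wording.

```powershell
# Added example (not from the original post, Apple or Microsoft): read the
# effective macOS application firewall state and compare it with the MEM
# macOS Firewall settings. Assumes pwsh on the Mac and Apple's socketfilterfw;
# run with sudo. Expected values are assumptions for illustration.

$Expected = @{
    FirewallEnabled = $true   # "Enable Firewall" = Yes
    BlockAll        = $false  # "Block all incoming connections" = Not configured
    StealthMode     = $true   # "Enable stealth mode" = Yes
}

$SocketFilterFw = '/usr/libexec/ApplicationFirewall/socketfilterfw'

function Get-MacFirewallState {
    # Each query prints a short sentence such as "Firewall is enabled. (State = 1)"
    # or "Stealth mode disabled". Matching only the enabled/disabled word keeps
    # the parser tolerant of small wording changes between macOS releases.
    function Test-Enabled([string]$text) {
        if ($text -match '(?i)\benabled\b')  { return $true }
        if ($text -match '(?i)\bdisabled\b') { return $false }
        throw "Unrecognised socketfilterfw output: $text"
    }
    [pscustomobject]@{
        FirewallEnabled = Test-Enabled ((& $SocketFilterFw --getglobalstate 2>&1) -join ' ')
        BlockAll        = Test-Enabled ((& $SocketFilterFw --getblockall    2>&1) -join ' ')
        StealthMode     = Test-Enabled ((& $SocketFilterFw --getstealthmode 2>&1) -join ' ')
        # Per-app allow/block rules ("Firewall apps" in MEM); kept raw for review.
        AppRules        = @(& $SocketFilterFw --listapps 2>&1)
    }
}

function Test-MacFirewallPolicy {
    param([Parameter(Mandatory)][hashtable]$Expected)
    $state = Get-MacFirewallState
    # One finding per key whose live value differs from the expected one.
    $findings = foreach ($key in $Expected.Keys) {
        if ($state.$key -ne $Expected[$key]) {
            "$key is $($state.$key), expected $($Expected[$key])"
        }
    }
    [pscustomobject]@{
        Compliant = -not $findings
        Findings  = @($findings)
        AppRules  = $state.AppRules
    }
}

# Usage: print the result and exit non-zero on drift.
$result = Test-MacFirewallPolicy -Expected $Expected
$result | Format-List
if (-not $result.Compliant) { exit 1 }
```

Because "Block all incoming connections" overrides the per-app rules, it is worth reviewing `AppRules` only when `BlockAll` is false; when it is true, the app list is informational and the block-all flag is the setting that actually decides what is reachable.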

This completes the list of configurations available in Microsoft Endpoint Manager for Firewall.

Regards,
The Author – Blogabout.Cloud
