In this post I will run through the steps required to allow ICMP / ping with Intune.
This rule is applied to the Windows Firewall through Intune.
- Navigate to portal.azure.com and go to Intune > Device Configuration > Profiles and click on “Create Profile”.
- Enter a Name for the profile and for the platform select “Windows 10 and later”
- For the Profile type select Endpoint protection
- Click on Settings
- Click on “Microsoft Defender Firewall”
- Scroll down until you see “Firewall Rules” then click on “Add”

Here is how we want to configure our rule.
- Name – Name the rule whatever you want
- Description – Describe it however you wish
- Direction – For this rule I have chosen to select “Inbound”
- Action – “Allow”
- Network type – “Domain”
- Protocol – “Custom”
- Protocol – “1” (the IANA protocol number for ICMP)
- For a list of all protocol numbers, refer to https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml




Click “OK” a few times and save the profile.
Assign the profile to your target group / users / devices and wait for the sync to complete.
Once the sync has completed we can verify that the changes have taken effect in Windows Firewall.
Open “Windows Defender Firewall with Advanced Security” and go to Monitoring > Firewall. Here we can see the rule that we created in Intune.
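The same verification can be scripted. The following is an added example, not part of the original post: it lists the enforced inbound allow rules for ICMPv4 from the active policy store (the view that Monitoring > Firewall shows) and flags any that are broader than the Domain-only rule configured above. It assumes an elevated PowerShell session on the target device and uses only the built-in NetSecurity cmdlets; the variable names and the wording of the notes are illustrative.

```powershell
# Added example: report inbound allow rules for ICMPv4 (IP protocol 1) that are
# actually enforced on this device, whatever delivered them (local, GPO, MDM).
# Run in an elevated PowerShell session.

$icmpRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        # The protocol may be reported by name or by number, so accept both.
        if ($port.Protocol -notin @('ICMPv4', '1')) { return }
        $addr = $rule | Get-NetFirewallAddressFilter

        # Compare the scope against what the profile above intends:
        # Domain network type only.
        $notes = @()
        if ("$($rule.Profile)" -ne 'Domain') { $notes += 'applies outside the Domain profile' }
        if ($addr.RemoteAddress -contains 'Any') { $notes += 'any remote address' }
        if ($port.IcmpType -contains 'Any') { $notes += 'all ICMP types, not only echo request' }

        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = "$($rule.Profile)"
            IcmpType      = $port.IcmpType -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
            Source        = $rule.PolicyStoreSource
            SourceType    = $rule.PolicyStoreSourceType
            Notes         = $notes -join '; '
        }
    }

if (-not $icmpRules) {
    Write-Warning 'No enabled inbound allow rule for ICMPv4 is in the active store. Check the profile assignment status in Intune and sync the device again.'
}
else {
    $icmpRules | Format-List
}
```

The Source and SourceType columns show where each rule came from, which helps separate the Intune-delivered rule from built-in rules such as the File and Printer Sharing echo request rules.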




Thank you for this guide but as far as I know these settings are not reflected/shown in the Windows Defender Firewall GUI.
Hey Bartev,
Once the settings show up with a successful status on Intune, perform a sync on the computer, either through Intune or via the computer itself.
The firewall setting should then show under Monitoring > Firewall as per the last image in the post.
Hi,
Tried it several times with different settings but I get a failure every time I sync the policy. I used custom protocol or UDP directly, tried allow and block. Every time deployment failure and no rule in the local Defender rule set. Do you have any hint? Is there a setting necessary to allow the deployment of rules?
Greetings
Hi Martin, what’s the error code that you see in Intune? Is the policy being applied to a group of devices or users?