Good news if you have implemented an Endpoint Protection policy in Intune (hope you did!): you can now create your very own Defender Firewall rules.
As you know, with the Endpoint Protection policy you were already able to configure Windows Defender Firewall to have it enabled, as well as a few basic settings such as merging (or not) local rules.
Now you can also create your own firewall rules (the same way you can with group policy in your Active Directory environment).
To start implementing such rules, connect to the Azure portal (https://portal.azure.com) or the Device Management portal (https://devicemanagement.microsoft.com) and go to the Intune\Device Configuration blade to create (or update) your Endpoint Protection policy.
If you create a new Endpoint Protection policy, choose Windows 10 or later as the platform and Endpoint protection as the profile type.
The Defender Firewall configuration is then available in the Microsoft Defender Firewall blade; when you scroll down you will find the Add button to create your firewall rules (inbound or outbound).
You can add up to 150 firewall rules.
As with the firewall group policy, you can define:
- direction – inbound or outbound
- action – allow or block
- network type – domain, private or public
- application – package family name (you can use the Get-AppPackage PowerShell command to identify it), file path or Windows service
- scope – local and/or remote address
- protocol – TCP, UDP, custom or any; after choosing the protocol you can then define the associated communication port(s)
- interface type – remote access, wireless or LAN
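Once the policy has synced, it is worth checking on an enrolled device that the rule really landed with the settings you defined in the portal. The following is an added example (not code from the original post) using the built-in NetSecurity cmdlets; the rule name, program path and expected values are assumptions for illustration.

```powershell
# Added example, not from the original post: verify on an enrolled Windows 10 device that a rule
# defined in the Intune Endpoint Protection policy is present in the firewall's active store with
# the intended settings. The rule name and expected values used below are assumptions.
function Test-IntuneFirewallRule {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        # keys: Direction, Action, Profile, Protocol, LocalPort, RemotePort, Program, RemoteAddress, InterfaceType
        [hashtable]$Expected = @{}
    )
    # ActiveStore is what the engine enforces: local, GPO and MDM (Intune) rules all show up here
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $rules) {
        return [pscustomobject]@{ DisplayName = $DisplayName; Present = $false; Enabled = $false; Mismatches = @('rule not found') }
    }
    foreach ($rule in $rules) {
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $nic  = $rule | Get-NetFirewallInterfaceTypeFilter
        # Flatten the rule and its filter objects into one view that mirrors the portal fields
        $actual = @{
            Direction     = [string]$rule.Direction        # Inbound / Outbound
            Action        = [string]$rule.Action           # Allow / Block
            Profile       = [string]$rule.Profile          # Domain, Private, Public or Any (network type)
            Protocol      = [string]$port.Protocol         # TCP, UDP, Any or a protocol number
            LocalPort     = ($port.LocalPort  -join ',')
            RemotePort    = ($port.RemotePort -join ',')
            Program       = [string]$app.Program           # file path or Any; $app.Package holds a store app's package SID
            RemoteAddress = ($addr.RemoteAddress -join ',') # scope
            InterfaceType = [string]$nic.InterfaceType     # Any, Wired, Wireless or RemoteAccess
        }
        $mismatches = foreach ($k in $Expected.Keys) {
            if ($actual[$k] -ne $Expected[$k]) { "{0}: expected '{1}', got '{2}'" -f $k, $Expected[$k], $actual[$k] }
        }
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Present     = $true
            Enabled     = ([string]$rule.Enabled -eq 'True')
            Mismatches  = @($mismatches)
        }
    }
}

# Constructed example: an outbound block rule for one application on domain and private networks
Test-IntuneFirewallRule -DisplayName 'Block Contoso Updater outbound' -Expected @{
    Direction = 'Outbound'; Action = 'Block'; Profile = 'Domain, Private'
    Protocol = 'TCP'; RemotePort = '443'; Program = 'C:\Program Files\Contoso\updater.exe'
} | Format-List
```

An empty Mismatches list with Present and Enabled both true means the device enforces exactly what you configured; a "rule not found" result usually means the policy has not synced yet or the display name differs.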