Intune – You can now create a set of reusable settings for Attack Surface Reduction Profile and Firewall Profile

As you know, to configure devices and Windows Firewall for managed devices in Intune, you use profiles – attack surface reduction profiles or firewall profiles.

You may have multiple profiles to apply different configuration settings on devices and these profiles may have common configuration settings.

Unfortunately, until now, you were not able to define a common set of settings to reuse across profiles. You could always have a profile with the common settings and apply that profile to all devices, but this introduces administration overhead and can impact performance (same as with group policies: the more you have, the longer it takes to start and log on).

So, good news: you can now create reusable groups of settings to use in device configuration profiles and firewall profiles.

At this stage, the reusable groups of settings are limited to the following:

  • Attack Surface Reduction Profile
    • Prevent write and execute access to all but allow specific approved USBs
    • Audit write and execute access to all but block specific unapproved USBs
    • Only allow specific user groups to access specific removable storage on a shared PC
  • Firewall Profile
    • Remote IP addresses management (add, remove)
    • FQDNs that can auto resolve to the remote IP address, or for one or more simple keywords when auto resolve for the group is off

The reusable groups of settings apply to Windows 10 or later (of course assuming you are running a supported version of Windows 10/11, aka not older than Windows 10 21H1; see https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client/ for details).

To start using it, connect to your Intune portal (https://endpoint.microsoft.com/) and follow the steps for the corresponding profile.

Reusable group of settings for Firewall Profile

  • Access the Endpoint security\Firewall blade to access the Reusable settings tab – from the same blade you can see the number of profiles inheriting the settings

  • After naming the reusable settings, you can then configure your firewall settings

  • Once you have created one or more reusable groups of settings, you can either create a new Firewall Rules profile or edit an existing one to select the reusable settings group

Reusable group of settings for Attack Surface Reduction Profile

  • Access the Endpoint security\Attack surface reduction blade to access the Reusable settings tab – from the same blade you can see the number of profiles inheriting the settings

  • After naming the reusable settings, you can then configure your settings

  • Once you have created one or more reusable groups, you can either create a new Attack Surface Reduction Rules profile or edit an existing one to select the reusable settings group under the Device control section
