Let’s check Firewall policy reports for endpoint security in Intune. Firewall Policy Reports in Intune provide administrators with a detailed view of the traffic that is being allowed or blocked by the organization’s firewall policies.
These reports can be used to monitor and analyze network traffic, identify potential security risks, and troubleshoot issues related to firewall configuration. While you can configure the same firewall settings by using Endpoint Protection profiles for device configuration, the device configuration profiles include additional settings categories.
Windows MDM Firewall status allows you to check the status of Windows 10 or Windows 11 MDM devices that have a firewall enabled or disabled. This report provides a high-level view of the firewall status for Windows 10 or 11 managed devices with Intune.
By reviewing Firewall Policy Reports in Intune, you can ensure that their firewall policies are effective in protecting the network and data. They can also use the reports to adjust their policies to better align with their security goals and compliance requirements.
As an organizational report, this report is available from the Reports node. You can also navigate to Reports > Firewall > MDM Firewall status for Windows 10 and later.
- Intune Firewall Proxy Requirements Modern Windows 10 Deployment
- Intune Windows 10 MDM Firewall Status Report | Endpoint Manager
How to Check Firewall Policy Reports in Intune
The reports for Firewall policy display status details about the firewall status for your managed devices. Firewall reports support managed devices that run the following operating systems.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/.
- Navigate to Endpoint security > Firewall.
The summary is the default view when you open the Firewall node, Endpoint security > Firewall > Summary. You could see the devices with firewall tuned off with the count as shown below.
You may find the endpoint security policies for firewalls under Manage in the Endpoint security node. This report is located in the Endpoint security node, and then go to Endpoint security > Firewall > MDM devices running Windows 10 or later with firewall off.
This view provides, An aggregate count of devices that have the firewall turned off. A list of your Firewall policies, including the name, type, if it’s assigned, and when it was last modified.
Using the Windows DeviceStatus CSP, data is reported to identify devices where the Firewall is disabled. The default visible details include the following:
- Device name
- Firewall status
- User principal name
- Target (The method of device management)
- Last check in time
Here you can also find many options for controlling and managing the policies. You can see “Restart” and “Sync”
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.