Incorrect compliance status reported for Windows 10 devices with firewall enabled

This article helps you resolve an issue in which Windows 10 devices that have firewall enabled show an incorrect compliance status in Microsoft Intune because of a known issue in Windows 10.


You create and deploy a device compliance policy for Windows 10 devices in Intune. Under System Security > Device Security, you set the Firewall setting to Require to turn on the Microsoft Defender Firewall.

Screenshot of the Firewall setting.

However, some Windows 10 devices that have the Microsoft Defender Firewall turned on are incorrectly displayed as noncompliant.


This issue is caused by a known issue in certain versions of Windows 10.


To fix the issue, install the following update on the devices:


If you can't install the update, follow these steps to work around the issue.

  1. Change the compliance policy by using one of the following methods.

    • Method 1 (recommended)

      Open the device compliance policy, look under Properties > Actions for noncompliance, select Mark device noncompliant, and then enter a nonzero number in Schedule (days after noncompliance). This creates a grace period during which to mark the devices as noncompliant.

      For more information, see Add actions for noncompliance.

    • Method 2

      Open the device compliance policy, look under System Security > Device Security, and then set the Firewall setting to Not configured.

  2. Ask the affected users to manually sync their Windows devices, and check compliance at After the devices become compliant, the users can access protected resources.