Create and deploy Windows Firewall policies for Endpoint Protection in Configuration Manager
Applies to: Configuration Manager (current branch)
Firewall policies for Endpoint Protection in Configuration Manager let you perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy. You can use Windows Firewall policies to perform the following tasks:
- Control whether Windows Firewall is turned on or off.
- Control whether incoming connections are allowed to client computers.
- Control whether users are notified when Windows Firewall blocks a new program.
To create a Windows Firewall policy
1. In the Configuration Manager console, click Assets and Compliance.
2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.
3. On the Home tab, in the Create group, click Create Windows Firewall Policy.
4. On the General page of the Create Windows Firewall Policy Wizard, specify a name and an optional description for this firewall policy, and then click Next.
5. On the Profile Settings page of the wizard, configure the following settings for each network profile:
   Note: For more information about network profiles, see the Windows documentation.
   - Enable Windows Firewall
     Note: If Enable Windows Firewall is not enabled, the other settings on this page of the wizard are unavailable.
   - Block all incoming connections, including those in the list of allowed programs
   - Notify the user when Windows Firewall blocks a new program
6. On the Summary page of the wizard, review the actions to be taken, and then complete the wizard.
7. Verify that the new Windows Firewall policy is displayed in the Windows Firewall Policies list.
To deploy a Windows Firewall policy
1. In the Configuration Manager console, click Assets and Compliance.
2. In the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows Firewall Policies.
3. In the Windows Firewall Policies list, select the Windows Firewall policy that you want to deploy.
4. On the Home tab, in the Deployment group, click Deploy.
5. In the Deploy Windows Firewall Policy dialog box, specify the collection to which you want to assign this Windows Firewall policy, and specify an assignment schedule. The Windows Firewall policy is evaluated for compliance by using this schedule, and the Windows Firewall settings on clients are reconfigured to match the Windows Firewall policy.
6. Click OK to close the Deploy Windows Firewall Policy dialog box and to deploy the Windows Firewall policy.
Important: When you deploy a Windows Firewall policy to a collection, this policy is applied to computers in a random order over a 2-hour period to avoid flooding the network.
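To confirm on a client that the deployed policy has taken effect, the following added example (not part of the original documentation) compares the effective firewall profile settings with the values you chose in the wizard. The function name Test-FirewallProfileDrift and the $Expected table are hypothetical, and the mapping of the wizard's "Block all incoming connections" and "Notify the user" settings to the AllowInboundRules and NotifyOnListen properties of Get-NetFirewallProfile is an assumption.

```powershell
# Added example. The expected values below are constructed; replace them with
# the settings chosen on the Profile Settings page of your policy.
# Assumed mapping: "Block all incoming connections..." -> AllowInboundRules = False
#                  "Notify the user when..."           -> NotifyOnListen    = True
$Expected = @{
    Domain  = @{ Enabled = 'True'; AllowInboundRules = 'True';  NotifyOnListen = 'True' }
    Private = @{ Enabled = 'True'; AllowInboundRules = 'True';  NotifyOnListen = 'True' }
    Public  = @{ Enabled = 'True'; AllowInboundRules = 'False'; NotifyOnListen = 'True' }
}

function Test-FirewallProfileDrift {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        # Profiles to check; defaults to the effective settings on this computer.
        [object[]] $Profiles = (Get-NetFirewallProfile -PolicyStore ActiveStore)
    )
    foreach ($p in $Profiles) {
        $want = $Expected[[string]$p.Name]
        if (-not $want) { continue }   # no expectation recorded for this profile

        # When the firewall is expected to be off, the other settings do not
        # apply (the wizard makes them unavailable), so only check Enabled.
        $settings = if ($want.Enabled -eq 'False') { @('Enabled') } else { $want.Keys }

        foreach ($setting in $settings) {
            $actual = [string]$p.$setting
            if ($actual -ne $want[$setting]) {
                [pscustomobject]@{
                    Profile  = [string]$p.Name
                    Setting  = $setting
                    Expected = $want[$setting]
                    Actual   = $actual
                }
            }
        }
    }
}

# One row per setting that differs from the expected policy.
$drift = @(Test-FirewallProfileDrift -Expected $Expected)
if ($drift.Count -eq 0) {
    'All firewall profiles match the expected policy.'
} else {
    $drift | Format-Table -AutoSize
}
```

Because the policy is applied over a 2-hour period and re-evaluated on the assignment schedule, a client that reports drift shortly after deployment may not have received the policy yet.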