Firewall Settings

Overview

The Devicie Firewall Settings Baseline provides a starting point for organisations to leverage the benefits of Windows Firewall and reduce the risk of security threats. It covers a wide range of settings that encourage uniformity, improve administrators' overview and improve device security with minimal impact on typical user activity.

Intune Description:

Enforcement of Windows Firewall across Domain, Public and Private networks in a uniformed manner.

Scope:

This baseline should be applied to Windows devices.

Policy Impact Areas:

When deployed, this policy will impact:

  • Enforcing Windows Firewall, together with many of its configuration settings

  • Enabling many Windows Firewall-related auditing and device event log services

Deployment Notes

  1. Pre-Deployment Considerations:

    • Review existing Windows Firewall (or other related endpoint protection software) configurations

  2. Post-Deployment Validation:

    • Verify Windows Firewall configuration, such as enforcement of Windows Firewall on Domain, Public and Private networks.
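
One way to carry out this post-deployment check on a device, as an added example that is not part of the Devicie baseline: it compares the effective firewall profile settings with the values listed under Configuration Settings. It assumes the built-in Get-NetFirewallProfile cmdlet, that each baseline setting maps to the cmdlet property named in the comments, and that Log Max File Size is in kilobytes; the function name Test-FirewallBaseline is hypothetical.

```powershell
# Added example: compare effective Windows Firewall profile settings with the baseline.
# The setting-to-property mapping below is an assumption of this example.
function Test-FirewallBaseline {
    foreach ($name in 'Domain', 'Private', 'Public') {
        # ActiveStore is the effective policy after MDM, Group Policy and local settings merge
        $p = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore

        $expected = [ordered]@{
            Enabled               = 'True'    # Enable <profile> Network Firewall
            DefaultInboundAction  = 'Block'   # Default Inbound Action
            DefaultOutboundAction = 'Allow'   # Default Outbound Action
            NotifyOnListen        = 'False'   # Disable Inbound Notifications = True
            LogBlocked            = 'True'    # Enable Log Dropped Packets
            LogIgnored            = 'False'   # Enable Log Ignored Rules (disabled)
            LogAllowed            = 'True'    # Enable Log Success Connections
            LogMaxSizeKilobytes   = '16384'   # Log Max File Size
            LogFileName           = "%systemroot%\system32\LogFiles\Firewall\$($name.ToLower())fw.log"
        }

        foreach ($key in $expected.Keys) {
            # Expand %systemroot% on both sides so stored and expanded paths compare equal
            $actual = [Environment]::ExpandEnvironmentVariables([string]$p.$key)
            $want   = [Environment]::ExpandEnvironmentVariables($expected[$key])
            [pscustomobject]@{
                Profile   = $name
                Setting   = $key
                Expected  = $want
                Actual    = $actual
                Compliant = ($actual -eq $want)   # string -eq is case-insensitive
            }
        }
    }
}

$results = Test-FirewallBaseline
$drift   = @($results | Where-Object { -not $_.Compliant })

if ($drift.Count -gt 0) {
    # List only the settings that differ from the baseline
    $drift | Format-Table Profile, Setting, Expected, Actual -AutoSize
    exit 1
}
'All checked firewall settings match the baseline.'
```

A non-zero exit code signals drift, so the script can be used as a detection script in a compliance or remediation workflow.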

Configuration Settings:

| Name | Value |
| --- | --- |
| Firewall | |
| Enable Domain Network Firewall | True |
|   Log Max File Size | 16384 |
|   Log File Path | %systemroot%\system32\LogFiles\Firewall\domainfw.log |
|   Default Inbound Action for Domain Profile | Block |
|   Default Outbound Action | Allow |
|   Disable Inbound Notifications | True |
|   Disable Stealth Mode | False |
|   Disable Stealth Mode Ipsec Secured Packet Exemption | True |
|   Enable Log Dropped Packets | Enable Logging Of Dropped Packets |
|   Enable Log Ignored Rules | Disable Logging Of Ignored Rules |
|   Enable Log Success Connections | Enable Logging Of Successful Connections |
|   Shielded | False |
| Enable Private Network Firewall | True |
|   Log Max File Size | 16384 |
|   Log File Path | %systemroot%\system32\LogFiles\Firewall\privatefw.log |
|   Default Inbound Action for Private Profile | Block |
|   Default Outbound Action | Allow |
|   Disable Inbound Notifications | True |
|   Disable Stealth Mode | False |
|   Disable Stealth Mode Ipsec Secured Packet Exemption | True |
|   Enable Log Dropped Packets | Enable Logging Of Dropped Packets |
|   Enable Log Ignored Rules | Disable Logging Of Ignored Rules |
|   Enable Log Success Connections | Enable Logging Of Successful Connections |
|   Shielded | False |
| Enable Public Network Firewall | True |
|   Log Max File Size | 16384 |
|   Log File Path | %systemroot%\system32\LogFiles\Firewall\publicfw.log |
|   Default Inbound Action for Public Profile | Block |
|   Default Outbound Action | Allow |
|   Disable Inbound Notifications | True |
|   Disable Stealth Mode | False |
|   Disable Stealth Mode Ipsec Secured Packet Exemption | True |
|   Disable Unicast Responses To Multicast Broadcast | False |
|   Enable Log Dropped Packets | Enable Logging Of Dropped Packets |
|   Enable Log Ignored Rules | Disable Logging Of Ignored Rules |
|   Enable Log Success Connections | Enable Logging Of Successful Connections |
|   Shielded | False |

Devicie Template Name: Firewall Settings

Default Intune Deployed Name: DEVICIE-PROD-Firewall Settings

Version: 1.0

Template Last Updated: Nov 18, 2024

Document Status: DRAFT

Document Last Updated: Apr 10, 2025