From 2e0f2da643c9395c24c1d3b5efd80dd2fccf50b7 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Thu, 16 Nov 2023 18:09:15 -0500
Subject: [PATCH] test GPO settings
---
.../windows-firewall/configure-logging.md | 33 ++++++++-----------
1 file changed, 13 insertions(+), 20 deletions(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
index e767c11866..296b2c7a63 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
@@ -1,6 +1,6 @@
---
-title: Configure the Windows Defender Firewall Log
-description: Learn how to configure Windows Firewall to log dropped packets or successful connections with Microsoft Intune and group policy.
+title: Configure Windows Firewall logging
+description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
ms.topic: how-to
ms.date: 11/14/2023
---
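Review bot: The new `description` line uses the bare acronym "CSP", which is not expanded anywhere in the front matter and is what a reader sees first in a search snippet. Spell it out on first use, for example "with configuration service provider (CSP) and group policy". The unchanged `ms.date: 11/14/2023` also predates this patch (16 Nov 2023), so consider updating it in the same change.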
@@ -9,14 +9,12 @@ ms.date: 11/14/2023
To configure Windows Firewall to log dropped packets or successful connections, you can use:
-- Microsoft Intune/MDM
-- Group policy with the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in
+- Configuration Service Provider (CSP), using an MDM solution like Microsoft Intune
+- Group policy (GPO)
[!INCLUDE [tab-intro](../../../../../includes/configure/tab-intro.md)]
-#### [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
-
-### Configure Windows Firewall with Intune
+# [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
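Review bot: In the added list item `- Group policy (GPO)`, the parenthetical reads as though GPO abbreviates "group policy", when it stands for Group Policy Object. Either drop the parenthetical or write "Group policy object (GPO)". The removed item also told the reader which node to use (Windows Defender Firewall with Advanced Security in the Group Policy Management snap-in); if that pointer is dropped from the intro, check that the Group policy tab still names it before the first step.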
@@ -36,22 +34,10 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
| **Setting name**: Turn On Virtualization Based Security
**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity`
**Data type**: int
**Value**: `1`|
| **Setting name**: Credential Guard Configuration
**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags`
**Data type**: int
**Value**:
**Enabled with UEFI lock**: `1`
**Enabled without lock**: `2`|
-Once the policy is applied, restart the device.
-
-#### [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
-
-### Configure Windows Firewall with group policy
+# [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
-| Group policy path | Group policy setting | Value |
-| - | - | - |
-| **Computer Configuration\Administrative Templates\System\Device Guard** |Turn On Virtualization Based Security | **Enabled** and select one of the options listed under the **Credential Guard Configuration** dropdown:
- **Enabled with UEFI lock**
- **Enabled without lock**|
-
-[!INCLUDE [gpo-settings-2](../../../../../includes/configure/gpo-settings-2.md)]
-
-Once the policy is applied, restart the device.
-
1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
1. In the details pane, in the **Overview** section, click **Windows Defender Firewall Properties**.
1. For each network location type (Domain, Private, Public), perform the following steps.
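Review bot: The unchanged table rows at the top of this hunk, inside the Intune/CSP tab, still list `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity` and `.../DeviceGuard/LsaCfgFlags`, which are Credential Guard settings and do nothing for firewall logging. This patch removes the matching Device Guard table from the Group policy tab but leaves this one in place, so a reader following the CSP tab would enable virtualization-based security and never turn on logging. Replace those rows with the CSP settings that control dropped-packet and successful-connection logging, or remove the table until they are written.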
@@ -66,6 +52,13 @@ Once the policy is applied, restart the device.
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**
1. Click **OK** twice
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration** > **Windows Settings** > **Security Settings** > **Windows Defender Firewall with Advanced Security** |Turn On Virtualization Based Security | **Enabled** and select one of the options listed under the **Credential Guard Configuration** dropdown:
- **Enabled with UEFI lock**
- **Enabled without lock**|
+
+[!INCLUDE [gpo-settings-2](../../../../../includes/configure/gpo-settings-2.md)]
+
---
### Troubleshoot Slow Log Ingestion
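Review bot: The added table row pairs the path **Windows Defender Firewall with Advanced Security** with the setting "Turn On Virtualization Based Security" and the values **Enabled with UEFI lock** / **Enabled without lock**. That setting and those values belong to the Device Guard table this patch deleted, and they do not exist under the firewall path. The row should carry the logging settings the steps above already name, such as **Log successful connections** set to **Yes**, once per network profile. The table also lands after the numbered procedure and repeats it, so decide whether the tab presents the table or the steps, and place `gpo-settings-2` after whichever remains.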