deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-11-20 17:41:16 -05:00
parent b8c5b9a5b6
commit 54c8580064
4 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/security/operating-system-security/network-security/windows-firewall/images/fw02-createrule.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 162 KiB

10
windows/security/operating-system-security/network-security/windows-firewall/rules.md
View File

@ -50,16 +50,16 @@ In either of these scenarios, once the rules are added, they must be deleted to
Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration: Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration:
1. Deploy WDAC AppId Tagging Policies: a Windows Defender Application Control (WDAC) policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching PolicyAppId. For more information, see the [WDAC Application ID (AppId) Tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications. 1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications.
1. Configure Firewall Rules using PolicyAppId Tags using one of the two methods: 1. Configure firewall rules using *PolicyAppId tags* using one of the two methods:
- Deploy firewall rules with Microsoft Intune: when creating firewall rules with Intune Microsoft Defender Firewall Rules, provide the AppId tag in the Policy App ID setting. The properties come directly from the [Firewall configuration service provider](/windows/client-management/mdm/firewall-csp)(CSP) and apply to the Windows platform. You can do this through the Intune admin center under Endpoint security > Firewall. Policy templates can be found via Create policy > Windows 10, Windows 11, and Windows Server > Microsoft Defender Firewall or Microsoft Defender Firewall Rules - Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
- Create local firewall rules with PowerShell: you can use [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported - Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported
## Local policy merge and application rules ## Local policy merge and application rules
*Rule merging* policy settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for *Domain*, *Private*, and *Public profiles*. *Rule merging* policy settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for *Domain*, *Private*, and *Public profiles*.
The rule-merging policy settings either allow or prevent local administrators from creating their own firewall rules in addition to those rules obtained from GPO or CSP. The rule-merging policy settings either allow or prevent local administrators from creating their own firewall rules in addition to those rules obtained from CSP or GPO.
| | Path | | | Path |
|--|--| |--|--|

6
windows/security/operating-system-security/network-security/windows-firewall/toc.yml
View File

@ -7,12 +7,12 @@ items:
items: items:
- name: Configuration tools - name: Configuration tools
href: tools.md href: tools.md
- name: Configure Windows Firewall - name: Configure with Microsoft Intune 🔗
href: /mem/intune/protect/endpoint-security-firewall-policy
- name: Configure with WFAS
href: configure.md href: configure.md
- name: Configure with command line tools - name: Configure with command line tools
href: configure-with-command-line.md href: configure-with-command-line.md
- name: Configure with Microsoft Intune 🔗
href: /mem/intune/protect/endpoint-security-firewall-policy
- name: Configure logging - name: Configure logging
href: configure-logging.md href: configure-logging.md
- name: Hyper-V firewall - name: Hyper-V firewall

14
windows/security/operating-system-security/network-security/windows-firewall/tools.md
View File

@ -72,12 +72,6 @@ Windows offers different tools to view the status and configure Windows Firewall
:::row::: :::row:::
:::column span="4"::: :::column span="4":::
The [Firewall CSP][CSP] provides an interface to configure and query the status of Windows Firewall, which can be used with a mobile device management (MDM) solution like Microsoft Intune. The [Firewall CSP][CSP] provides an interface to configure and query the status of Windows Firewall, which can be used with a mobile device management (MDM) solution like Microsoft Intune.
To learn more about the CSP options, follow these links:
- [Configure Windows Firewall settings][SETTINGS]: to configure the settings
- [Configure Windows Firewall rules][RULE]: to configure the rules
:::column-end::: :::column-end:::
:::row-end::: :::row-end:::
:::row::: :::row:::
@ -142,6 +136,14 @@ Once the emergency is over, uncheck the setting to restore regular network traff
> >
> [Configure Windows Firewall >](configure.md) > [Configure Windows Firewall >](configure.md)
> [!div class="op_single_selector"]
> From the following dropdown, select one of tools to learn how to configure Windows Firewall:
> - [Configure with Microsoft Intune 🔗](/mem/intune/protect/endpoint-security-firewall-policy)
> - [Configure with GPO](configure.md)
> - [Configure with command line tools](configure-with-command-line.md)
<!--links--> <!--links-->
[SEC-1]: windowsdefender://network/ [SEC-1]: windowsdefender://network/