diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index a425989761..bf3316923d 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -1,299 +1,486 @@ --- title: Firewall CSP -description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings. +description: Learn more about the Firewall CSP. +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 02/27/2023 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.reviewer: -manager: aaroncz -ms.date: 12/31/2017 +ms.topic: reference --- -# Firewall configuration service provider (CSP) + -The table below shows the applicability of Windows: + +# Firewall CSP -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +> [!IMPORTANT] +> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview. -The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. + + +The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. 
Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. -Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. +> [!NOTE] +> Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac). + + The following example shows the Firewall configuration service provider in tree format. + +```text +./Vendor/MSFT/Firewall +--- MdmStore +------ DomainProfile +--------- AllowLocalIpsecPolicyMerge +--------- AllowLocalPolicyMerge +--------- AuthAppsAllowUserPrefMerge +--------- DefaultInboundAction +--------- DefaultOutboundAction +--------- DisableInboundNotifications +--------- DisableStealthMode +--------- DisableStealthModeIpsecSecuredPacketExemption +--------- DisableUnicastResponsesToMulticastBroadcast +--------- EnableFirewall +--------- EnableLogDroppedPackets +--------- EnableLogIgnoredRules +--------- EnableLogSuccessConnections +--------- GlobalPortsAllowUserPrefMerge +--------- LogFilePath +--------- LogMaxFileSize +--------- Shielded +------ DynamicKeywords +--------- Addresses +------------ {Id} +--------------- Addresses +--------------- AutoResolve +--------------- Keyword +------ FirewallRules +--------- {FirewallRuleName} +------------ Action +--------------- Type +------------ App +--------------- FilePath +--------------- Fqbn +--------------- PackageFamilyName +--------------- ServiceName +------------ Description +------------ Direction +------------ EdgeTraversal +------------ Enabled +------------ IcmpTypesAndCodes +------------ InterfaceTypes +------------ LocalAddressRanges +------------ 
LocalPortRanges +------------ LocalUserAuthorizedList +------------ Name +------------ PolicyAppId +------------ Profiles +------------ Protocol +------------ RemoteAddressDynamicKeywords +------------ RemoteAddressRanges +------------ RemotePortRanges +------------ Status +------ Global +--------- BinaryVersionSupported +--------- CRLcheck +--------- CurrentProfiles +--------- DisableStatefulFtp +--------- EnablePacketQueue +--------- IPsecExempt +--------- OpportunisticallyMatchAuthSetPerKM +--------- PolicyVersion +--------- PolicyVersionSupported +--------- PresharedKeyEncoding +--------- SaIdleTime +------ HyperVFirewallRules +--------- {FirewallRuleName} +------------ Action +--------------- Type +------------ Direction +------------ Enabled +------------ LocalAddressRanges +------------ LocalPortRanges +------------ Name +------------ Priority +------------ Protocol +------------ RemoteAddressRanges +------------ RemotePortRanges +------------ Status +------------ VMCreatorId +------ HyperVVMSettings +--------- {VMCreatorId} +------------ DefaultInboundAction +------------ DefaultOutboundAction +------------ EnableFirewall +------------ EnableLoopback +------ PrivateProfile +--------- AllowLocalIpsecPolicyMerge +--------- AllowLocalPolicyMerge +--------- AuthAppsAllowUserPrefMerge +--------- DefaultInboundAction +--------- DefaultOutboundAction +--------- DisableInboundNotifications +--------- DisableStealthMode +--------- DisableStealthModeIpsecSecuredPacketExemption +--------- DisableUnicastResponsesToMulticastBroadcast +--------- EnableFirewall +--------- EnableLogDroppedPackets +--------- EnableLogIgnoredRules +--------- EnableLogSuccessConnections +--------- GlobalPortsAllowUserPrefMerge +--------- LogFilePath +--------- LogMaxFileSize +--------- Shielded +------ PublicProfile +--------- AllowLocalIpsecPolicyMerge +--------- AllowLocalPolicyMerge +--------- AuthAppsAllowUserPrefMerge +--------- DefaultInboundAction +--------- DefaultOutboundAction 
+--------- DisableInboundNotifications +--------- DisableStealthMode +--------- DisableStealthModeIpsecSecuredPacketExemption +--------- DisableUnicastResponsesToMulticastBroadcast +--------- EnableFirewall +--------- EnableLogDroppedPackets +--------- EnableLogIgnoredRules +--------- EnableLogSuccessConnections +--------- GlobalPortsAllowUserPrefMerge +--------- LogFilePath +--------- LogMaxFileSize +--------- Shielded ``` -./Vendor/MSFT -Firewall ----- ---------Global -------------PolicyVersionSupported -------------CurrentProfiles -------------DisableStatefulFtp -------------SaIdleTime -------------PresharedKeyEncoding -------------IPsecExempt -------------CRLcheck -------------PolicyVersion -------------BinaryVersionSupported -------------OpportunisticallyMatchAuthSetPerKM -------------EnablePacketQueue ---------DomainProfile -------------EnableFirewall -------------DisableStealthMode -------------Shielded -------------DisableUnicastResponsesToMulticastBroadcast -------------EnableLogDroppedPackets -------------EnableLogSuccessConnections -------------EnableLogIgnoredRules -------------LogMaxFileSize -------------LogFilePath -------------DisableInboundNotifications -------------AuthAppsAllowUserPrefMerge -------------GlobalPortsAllowUserPrefMerge -------------AllowLocalPolicyMerge -------------AllowLocalIpsecPolicyMerge -------------DefaultOutboundAction -------------DefaultInboundAction -------------DisableStealthModeIpsecSecuredPacketExemption ---------PrivateProfile -------------EnableFirewall -------------DisableStealthMode -------------Shielded -------------DisableUnicastResponsesToMulticastBroadcast -------------EnableLogDroppedPackets -------------EnableLogSuccessConnections -------------EnableLogIgnoredRules -------------LogMaxFileSize -------------LogFilePath -------------DisableInboundNotifications -------------AuthAppsAllowUserPrefMerge -------------GlobalPortsAllowUserPrefMerge -------------AllowLocalPolicyMerge 
-------------AllowLocalIpsecPolicyMerge -------------DefaultOutboundAction -------------DefaultInboundAction -------------DisableStealthModeIpsecSecuredPacketExemption ---------PublicProfile -------------EnableFirewall -------------DisableStealthMode -------------Shielded -------------DisableUnicastResponsesToMulticastBroadcast -------------EnableLogDroppedPackets -------------EnableLogSuccessConnections -------------EnableLogIgnoredRules -------------LogMaxFileSize -------------LogFilePath -------------DisableInboundNotifications -------------AuthAppsAllowUserPrefMerge -------------GlobalPortsAllowUserPrefMerge -------------AllowLocalPolicyMerge -------------AllowLocalIpsecPolicyMerge -------------DefaultOutboundAction -------------DefaultInboundAction -------------DisableStealthModeIpsecSecuredPacketExemption ---------FirewallRules -------------FirewallRuleName -----------------App ---------------------PackageFamilyName ---------------------FilePath ---------------------Fqbn ---------------------ServiceName -----------------Protocol -----------------LocalPortRanges -----------------RemotePortRanges -----------------IcmpTypesAndCodes -----------------LocalAddressRanges -----------------RemoteAddressRanges -----------------Description -----------------Enabled -----------------Profiles -----------------Action ---------------------Type -----------------Direction -----------------InterfaceTypes -----------------EdgeTraversal -----------------LocalUserAuthorizationList -----------------FriendlyName -----------------Status -----------------Name -----------------RemoteAddressDynamicKeywords ---------DynamicKeywords -----------------Addresses --------------------------Id ----------------------------------Keyword ----------------------------------Addresses ----------------------------------AutoResolve + + + +## MdmStore + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore ``` + -**./Vendor/MSFT/Firewall** -Root node for the Firewall configuration service provider. + + + -**MdmStore** + + Interior node. -Supported operation is Get. + -**MdmStore/Global** -Interior node. -Supported operations are Get. + +**Description framework properties**: -**MdmStore/Global/PolicyVersionSupported** -Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build. -Value type in integer. Supported operation is Get. +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + -**MdmStore/Global/CurrentProfiles** -Integer value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it's not merged and has no merge law. -Value type in integer. Supported operation is Get. + + + -**MdmStore/Global/DisableStatefulFtp** -Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win. -Default value is false. + -Data type is bool. Supported operations are Add, Get, Replace, and Delete. + +### MdmStore/DomainProfile -**MdmStore/Global/SaIdleTime** -This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. 
The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. -Default value is 300. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -**MdmStore/Global/PresharedKeyEncoding** -Specifies the preshared key encoding that is used. The value is integer and MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. -Default value is 1. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile +``` + -**MdmStore/Global/IPsecExempt** -This value configures IPsec exceptions. The value is integer and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. -Default value is 0. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + -**MdmStore/Global/CRLcheck** -This value specifies how certificate revocation list (CRL) verification is enforced. The value is integer and MUST be 0, 1, or 2. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. Valid valued: + + + -- 0 disables CRL checking -- 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. 
Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) don't cause certificate validation to fail. -- 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing + +**Description framework properties**: -Default value is 0. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + -**MdmStore/Global/PolicyVersion** -This value contains the policy version of the policy store being managed. This value isn't merged and therefore, has no merge law. -Value type is string. Supported operation is Get. + + + -**MdmStore/Global/BinaryVersionSupported** -This value contains the binary version of the structures and data types that are supported by the server. This value isn't merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. -Value type is string. Supported operation is Get. + -**MdmStore/Global/OpportunisticallyMatchAuthSetPerKM** -This value is bool used as an on/off switch. When this option is false (off), keying modules MUST ignore the entire authentication set if they don't support all of the authentication suites specified in the set. When this option is true (on), keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. -Boolean value. Supported operations are Add, Get, Replace, and Delete. 
+ +#### MdmStore/DomainProfile/AllowLocalIpsecPolicyMerge -**MdmStore/Global/EnablePacketQueue** -This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is integer and is a combination of flags. Valid values: + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -- 0x00 indicates that all queuing is to be disabled -- 0x01 specifies that inbound encrypted packets are to be queued -- 0x02 specifies that packets are to be queued after decryption is performed for forwarding + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/AllowLocalIpsecPolicyMerge +``` + -Default value is 0. + + +This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + -Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + -**MdmStore/DomainProfile** -Interior node. Supported operation is Get. + +**Description framework properties**: -**MdmStore/PrivateProfile** -Interior node. Supported operation is Get. +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -**MdmStore/PublicProfile** -Interior node. Supported operation is Get. + +**Allowed values**: -**/EnableFirewall** -Boolean value for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is true. -Value type is bool. Supported operations are Add, Get and Replace. +| Value | Description | +|:--|:--| +| false | AllowLocalIpsecPolicyMerge Off. | +| true (Default) | AllowLocalIpsecPolicyMerge On. | + -**/DisableStealthMode** -Boolean value. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is false. -Value type is bool. Supported operations are Add, Get and Replace. + + + -**/Shielded** -Boolean value. If this value is true and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "true" values win. -Default value is false. + -Value type is bool. Supported operations are Get and Replace. + +#### MdmStore/DomainProfile/AllowLocalPolicyMerge -**/DisableUnicastResponsesToMulticastBroadcast** -Boolean value. If it's true, unicast responses to multicast broadcast traffic are blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is false. -Value type is bool. Supported operations are Add, Get and Replace. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -**/EnableLogDroppedPackets** -Boolean value. If this value is true, firewall will log all dropped packets. The merge law for this option is to let "on" values win. -Default value is false. Supported operations are Get and Replace. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/AllowLocalPolicyMerge +``` + -**/EnableLogSuccessConnections** -Boolean value. If this value is true, firewall will log all successful inbound connections. The merge law for this option is to let "on" values win. -Default value is false. Supported operations are Get and Replace. + + +This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + -**/EnableLogIgnoredRules** -Boolean value. If this value is true, firewall will log ignored firewall rules. The merge law for this option is to let "on" values win. -Default value is false. Supported operations are Get and Replace. + + + -**/LogMaxFileSize** -Integer value that specifies the size, in kilobytes, of the log file where dropped packets, successful connections and ignored rules are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. -Default value is 1024. Supported operations are Get and Replace + +**Description framework properties**: -**/LogFilePath** -String value that represents the file path to the log where firewall logs dropped packets, successful connections and ignored rules. 
The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. Default value is "%systemroot%\system32\LogFiles\Firewall\pfirewall.log". Supported operations are Get and Replace +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -**/DisableInboundNotifications** -Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is false. -Value type is bool. Supported operations are Add, Get and Replace. + +**Allowed values**: -**/AuthAppsAllowUserPrefMerge** -Boolean value. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is true. -Value type is bool. Supported operations are Add, Get and Replace. +| Value | Description | +|:--|:--| +| false | AllowLocalPolicyMerge Off. | +| true (Default) | AllowLocalPolicyMerge On. | + -**/GlobalPortsAllowUserPrefMerge** -Boolean value. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it's set or enumerated in the Group Policy store or if it's enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. -Default value is true. -Value type is bool. Supported operations are Add, Get and Replace. + + + -**/AllowLocalPolicyMerge** -Boolean value. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. -Default value is true. + -Value type is bool. Supported operations are Add, Get and Replace. 
+ +#### MdmStore/DomainProfile/AuthAppsAllowUserPrefMerge -**/AllowLocalIpsecPolicyMerge** -Boolean value. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. -Default value is true. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -Value type is bool. Supported operations are Add, Get and Replace. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/AuthAppsAllowUserPrefMerge +``` + -**/DefaultOutboundAction** -This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will allow all outbound traffic unless it's explicitly specified not to allow. + + +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + -- 0x00000000 - allow -- 0x00000001 - block + + + -Default value is 0 (allow). -Value type is integer. Supported operations are Add, Get and Replace. + +**Description framework properties**: -Sample syncxml to provision the firewall settings to evaluate +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AuthAppsAllowUserPrefMerge Off. | +| true (Default) | AuthAppsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/DomainProfile/DefaultInboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultInboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Allow Inbound By Default. | +| 1 (Default) | Block Inbound By Default. | + + + + + + + + + +#### MdmStore/DomainProfile/DefaultOutboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultOutboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Allow Outbound By Default. | +| 1 | Block Outbound By Default. | + + + + +**Example**: ```xml @@ -315,217 +502,5222 @@ Sample syncxml to provision the firewall settings to evaluate - ``` + -**/DefaultInboundAction** -This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it's configured; otherwise, the local store value is used. + -- 0x00000000 - allow -- 0x00000001 - block + +#### MdmStore/DomainProfile/DisableInboundNotifications -Default value is 1 (block). -Value type is integer. Supported operations are Add, Get and Replace. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -**/DisableStealthModeIpsecSecuredPacketExemption** -Boolean value. This option is ignored if DisableStealthMode is true. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. -Default value is true. -Value type is bool. Supported operations are Add, Get and Replace. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableInboundNotifications +``` + -**FirewallRules** -A list of rules controlling traffic through the Windows Firewall. Each Rule ID is OR'ed. Within each rule ID each Filter type is AND'ed. + + +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + -**FirewallRules/_FirewallRuleName_** -Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). -Supported operations are Add, Get, Replace, and Delete. + + + -**FirewallRules/_FirewallRuleName_/App** -Rules that control connections for an app, program, or service. 
Specified based on the intersection of the following nodes: + +**Description framework properties**: -- PackageFamilyName -- FilePath -- FQBN -- ServiceName +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -If not specified, the default is All. -Supported operation is Get. + +**Allowed values**: -**FirewallRules/_FirewallRuleName_/App/PackageFamilyName** -This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. -Value type is string. Supported operations are Add, Get, Replace, and Delete. +| Value | Description | +|:--|:--| +| false (Default) | Firewall May Display Notification. | +| true | Firewall Must Not Display Notification. | + -**FirewallRules/_FirewallRuleName_/App/FilePath** -This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + + + -**FirewallRules/_FirewallRuleName_/App/Fqbn** -Fully Qualified Binary Name -Value type is string. Supported operations are Add, Get, Replace, and Delete. + -**FirewallRules/_FirewallRuleName_/App/ServiceName** -This parameter is a service name used in cases when a service, not an application, is sending or receiving traffic. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + +#### MdmStore/DomainProfile/DisableStealthMode -**FirewallRules/_FirewallRuleName_/Protocol** -0-255 number representing the ip protocol (TCP = 6, UDP = 17) -If not specified, the default is All. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -**FirewallRules/_FirewallRuleName_/LocalPortRanges** -Comma separated list of ranges. For example, 100-120,200,300-320. -If not specified, the default is All. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableStealthMode +``` + -**FirewallRules/_FirewallRuleName_/RemotePortRanges** -Comma separated list of ranges, For example, 100-120,200,300-320. -If not specified, the default is All. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + + +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + -**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes** -Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid. -If not specified, the default is All. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + +**Description framework properties**: -**FirewallRules/*FirewallRuleName*/LocalAddressRanges** -Comma-separated list of local addresses covered by the rule. The default value is "*". Valid tokens include: +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [EnableFirewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -- "*" indicates any local address. If present, the local address must be the only token included. -- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. -- A valid IPv4 address. -- A valid IPv6 address. -- An IPv4 address range in the format of "start address - end address" with no spaces included. -- An IPv6 address range in the format of "start address - end address" with no spaces included. + +**Allowed values**: -If not specified, the default is All. -Value type is string. Supported operations are Add, Get, Replace, and Delete. +| Value | Description | +|:--|:--| +| false (Default) | Use Stealth Mode. | +| true | Disable Stealth Mode. | + -**FirewallRules/*FirewallRuleName*/RemoteAddressRanges** -List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: + + + -- "*" indicates any remote address. If present, the address must be the only token included. -- "Defaultgateway" -- "DHCP" -- "DNS" -- "WINS" -- "Intranet" -- "RmtIntranet" -- "Internet" -- "Ply2Renders" -- "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. -- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. -- A valid IPv4 address. -- A valid IPv6 address. -- An IPv4 address range in the format of "start address - end address" with no spaces included. -- An IPv6 address range in the format of "start address - end address" with no spaces included. + -If not specified, the default is All. -Value type is string. Supported operations are Add, Get, Replace, and Delete. -The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later. 
+ +#### MdmStore/DomainProfile/DisableStealthModeIpsecSecuredPacketExemption -**FirewallRules/_FirewallRuleName_/Description** -Specifies the description of the rule. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -**FirewallRules/_FirewallRuleName_/Enabled** -Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. -If not specified - a new rule is enabled by default. -Boolean value. Supported operations are Get and Replace. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableStealthModeIpsecSecuredPacketExemption +``` + -**FirewallRules/_FirewallRuleName_/Profiles** -Specifies the profiles to which the rule belongs: Domain, Private, or Public. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types. -If not specified, the default is All. -Value type is integer. Supported operations are Get and Replace. + + +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + -**FirewallRules/_FirewallRuleName_/Action** -Specifies the action for the rule. -Supported operation is Get. + + + -**FirewallRules/_FirewallRuleName_/Action/Type** -Specifies the action the rule enforces. Supported values: + +**Description framework properties**: -- 0 - Block -- 1 - Allow +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -If not specified, the default is allow. -Value type is integer. Supported operations are Get and Replace. + +**Allowed values**: -**FirewallRules/_FirewallRuleName_/Direction** -The rule is enabled based on the traffic direction as following. Supported values: +| Value | Description | +|:--|:--| +| false | FALSE. | +| true (Default) | TRUE. | + -- IN - the rule applies to inbound traffic. -- OUT - the rule applies to outbound traffic. -- If not specified, the default is Out. + + + -Value type is string. Supported operations are Get and Replace. + -**FirewallRules/_FirewallRuleName_/InterfaceTypes** -Comma separated list of interface types. Valid values: + +#### MdmStore/DomainProfile/DisableUnicastResponsesToMulticastBroadcast -- RemoteAccess -- Wireless -- Lan -- MBB (i.e. Mobile Broadband) + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -If not specified, the default is All. -Value type is string. Supported operations are Get and Replace. + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableUnicastResponsesToMulticastBroadcast +``` + -**FirewallRules/_FirewallRuleName_/EdgeTraversal** -Indicates whether edge traversal is enabled or disabled for this rule. -The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. -New rules have the EdgeTraversal property disabled by default. -Value type is bool. Supported operations are Add, Get, Replace, and Delete. + + +This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + -**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList** -Specifies the list of authorized local users for this rule. This list is a string in Security Descriptor Definition Language (SDDL) format. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + + + -**FirewallRules/_FirewallRuleName_/Status** -Provides information about the specific version of the rule in deployment for monitoring purposes. -Value type is string. Supported operation is Get. + +**Description framework properties**: -**FirewallRules/_FirewallRuleName_/Name** -Name of the rule. -Value type is string. Supported operations are Add, Get, Replace, and Delete. 
+| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + -**FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords** -Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. -Value type is string. Supported operations are Add, Get, Replace, and Delete. + +**Allowed values**: +| Value | Description | +|:--|:--| +| false (Default) | Unicast Responses Not Blocked. | +| true | Unicast Responses Blocked. | + -**MdmStore/DynamicKeywords** -Interior node. -Supported operation is Get. + + + -**MdmStore/DynamicKeywords/Addresses** -Interior node. -Supported operation is Get. + -**MdmStore/DynamicKeywords/Addresses/Id** + +#### MdmStore/DomainProfile/EnableFirewall + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall +``` + + + + +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Replace | +| Default Value | true | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | Disable Firewall. | +| true (Default) | Enable Firewall. | + + + + + + + + + +#### MdmStore/DomainProfile/EnableLogDroppedPackets + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableLogDroppedPackets +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Dropped Packets. | +| true | Enable Logging Of Dropped Packets. | + + + + + + + + + +#### MdmStore/DomainProfile/EnableLogIgnoredRules + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableLogIgnoredRules +``` + + + + +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Ignored Rules. | +| true | Enable Logging Of Ignored Rules. | + + + + + + + + + +#### MdmStore/DomainProfile/EnableLogSuccessConnections + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableLogSuccessConnections +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Successful Connections. | +| true | Enable Logging Of Successful Connections. | + + + + + + + + + +#### MdmStore/DomainProfile/GlobalPortsAllowUserPrefMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/GlobalPortsAllowUserPrefMerge +``` + + + + +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | GlobalPortsAllowUserPrefMerge Off. | +| true (Default) | GlobalPortsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/DomainProfile/LogFilePath + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/LogFilePath +``` + + + + +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get, Replace | +| Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/DomainProfile/LogMaxFileSize + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/LogMaxFileSize +``` + + + + +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Allowed Values | Range: `[0-4294967295]` | +| Default Value | 1024 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/DomainProfile/Shielded + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DomainProfile/Shielded +``` + + + + +This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Shielding Off. | +| true | Shielding On. | + + + + + + + + + +### MdmStore/DynamicKeywords + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/DynamicKeywords/Addresses + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses +``` + + + + +A list of dynamic keyword addresses for use within firewall rules. Dynamic keyword addresses can either be a simple alias object or fully-qualified domain names which will be auto-resolved in the presence of the Microsoft Defender Advanced Threat Protection Service. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +##### MdmStore/DynamicKeywords/Addresses/{Id} + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/{Id} +``` + + + + A unique GUID string identifier for this dynamic keyword address. -Value type is string. Supported operations are Add, Delete, and Get. + -**MdmStore/DynamicKeywords/Addresses/Id/Keyword** -A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain Name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). -Value type is string. Supported operations are Add, Delete, and Get. + + + -**MdmStore/DynamicKeywords/Addresses/Id/Addresses** + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Add, Delete, Get | +| Atomic Required | True | +| Dynamic Node Naming | ServerGeneratedUniqueIdentifier | +| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | + + + + + + + + + +###### MdmStore/DynamicKeywords/Addresses/{Id}/Addresses + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/{Id}/Addresses +``` + + + + Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. - Valid tokens include: -- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. -- A valid IPv4 address. -- A valid IPv6 address. -- An IPv4 address range in the format of "start address-end address" with no spaces included. -- An IPv6 address range in the format of "start address-end address" with no spaces included. -Supported operations are Add, Delete, Replace, and Get. +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. + -**MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** -Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. -Value type is string. Supported operations are Add, Delete, and Get. -Value type is string. Supported operations are Add, Delete, and Get. 
+ + + + +**Description framework properties**: -## Related topics +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | +| Dependency [AutoResolve False] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/[Id]/AutoResolve`
Dependency Allowed Value: `false`
Dependency Allowed Value Type: `ENUM`
| + -[Configuration service provider reference](index.yml) + + + + + + + +###### MdmStore/DynamicKeywords/Addresses/{Id}/AutoResolve + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/{Id}/AutoResolve +``` + + + + +If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Add, Delete, Get | +| Default Value | false | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | AutoResolve False. | +| true | AutoResolve True. | + + + + + + + + + +###### MdmStore/DynamicKeywords/Addresses/{Id}/Keyword + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/{Id}/Keyword +``` + + + + +A String representing keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). If the AutoResolve value is false, then this can be any identifier string. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get | + + + + + + + + + +### MdmStore/FirewallRules + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules +``` + + + + +A list of rules controlling traffic through the Windows Firewall. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/FirewallRules/{FirewallRuleName} + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName} +``` + + + + +Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Add, Delete, Get, Replace | +| Atomic Required | True | +| Dynamic Node Naming | ServerGeneratedUniqueIdentifier | +| Allowed Values | Regular Expression: `^[^|/]*$` | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Action + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Action +``` + + + + +Specifies the action for the rule. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +###### MdmStore/FirewallRules/{FirewallRuleName}/Action/Type + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Action/Type +``` + + + + +Specifies the action the rule enforces: +0 - Block +1 - Allow. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Block. | +| 1 (Default) | Allow. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/App + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/App +``` + + + + +Rules that control connections for an app, program or service. + +Specified based on the intersection of the following nodes. + +PackageFamilyName +FilePath +FQBN +ServiceName. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +###### MdmStore/FirewallRules/{FirewallRuleName}/App/FilePath + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/App/FilePath +``` + + + + +FilePath - This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +###### MdmStore/FirewallRules/{FirewallRuleName}/App/Fqbn + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/App/Fqbn +``` + + + + +Fully Qualified Binary Name. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +###### MdmStore/FirewallRules/{FirewallRuleName}/App/PackageFamilyName + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/App/PackageFamilyName +``` + + + + +PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +###### MdmStore/FirewallRules/{FirewallRuleName}/App/ServiceName + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/App/ServiceName +``` + + + + +This is a service name, and is used in cases when a service, not an application, must be sending or receiving traffic. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Description + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Description +``` + + + + +Specifies the description of the rule. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Direction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Direction +``` + + + + +Comma separated list. The rule is enabled based on the traffic direction as following. + +IN - the rule applies to inbound traffic. +OUT - the rule applies to outbound traffic. + +If not specified the default is OUT. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get, Replace | +| Default Value | OUT | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| IN | The rule applies to inbound traffic. | +| OUT (Default) | The rule applies to outbound traffic. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/EdgeTraversal + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/EdgeTraversal +``` + + + + +Indicates whether edge traversal is enabled or disabled for this rule. + +The EdgeTraversal property indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. + +New rules have the EdgeTraversal property disabled by default. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Add, Delete, Get, Replace | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 | Enabled. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Enabled + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Enabled +``` + + + + +Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. +If not specified - a new rule is disabled by default. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 | Enabled. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/IcmpTypesAndCodes + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 21H1 [10.0.19043] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/IcmpTypesAndCodes +``` + + + + + + + + +Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the "\*" character. For specific ICMP types and codes, use the ":" character to separate the type and code, for example, 3:4, 1:\*. The "\*" character can be used to represent any code. The "\*" character cannot be used to specify any type; examples such as "\*:4" or "\*:\*" are invalid. If not specified, the default is All. + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/InterfaceTypes + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/InterfaceTypes +``` + + + + +String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are "RemoteAccess", "Wireless", "Lan", "MBB", and "All". +If more than one interface type is specified, the strings must be separated by a comma. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Default Value | All | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| RemoteAccess | RemoteAccess. | +| Wireless | Wireless. | +| Lan | Lan. | +| MBB | MobileBroadband. | +| All (Default) | All. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/LocalAddressRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/LocalAddressRanges +``` + + + + +Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Valid tokens include: +"*" indicates any local address. If present, this must be the only token included. + +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/LocalPortRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/LocalPortRanges +``` + + + + +Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/LocalUserAuthorizedList + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/LocalUserAuthorizedList +``` + + + + +Specifies the list of authorized local users for the app container. +This is a string in Security Descriptor Definition Language (SDDL) format.. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | `` | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Name + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Name +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/PolicyAppId + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/PolicyAppId +``` + + + + +Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Regular Expression: `^[A-Za-z0-9_.:/]+$` | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Profiles + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Profiles +``` + + + + +Specifies the profiles to which the rule belongs: Domain, Private, Public. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types. If not specified, the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | + + + +**Allowed values**: + +| Flag | Description | +|:--|:--| +| 0x1 | FW_PROFILE_TYPE_DOMAIN: This value represents the profile for networks that are connected to domains. | +| 0x2 | FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. | +| 0x4 | FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted. | +| 0x7FFFFFFF | FW_PROFILE_TYPE_ALL: This value represents all these network sets and any future network sets. 
| +| 0x80000000 | FW_PROFILE_TYPE_CURRENT: This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags. | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Protocol + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Protocol +``` + + + + +0-255 number representing the ip protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-255]` | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/RemoteAddressDynamicKeywords + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/RemoteAddressDynamicKeywords +``` + + + + +Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/RemoteAddressRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/RemoteAddressRanges +``` + + + + +Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: +"*" indicates any remote address. If present, this must be the only token included. +"Defaultgateway" +"DHCP" +"DNS" +"WINS" +"Intranet" +"RemoteCorpNetwork" +"Internet" +"PlayToRenderers" +"LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive. +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/RemotePortRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/RemotePortRanges +``` + + + + +Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/FirewallRules/{FirewallRuleName}/Status + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/FirewallRules/{FirewallRuleName}/Status +``` + + + + +Provides information about the specific version of the rule in deployment for monitoring purposes. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get | + + + + + + + + + +### MdmStore/Global + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/Global/BinaryVersionSupported + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/BinaryVersionSupported +``` + + + + +This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get | + + + + + + + + + +#### MdmStore/Global/CRLcheck + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/CRLcheck +``` + + + + +This value specifies how certificate revocation list (CRL) verification is enforced. The value MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disables CRL checking. | +| 1 | Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. | +| 2 | Means that checking is required and that certificate validation fails if any error is encountered during CRL processing. | + + + + + + + + + +#### MdmStore/Global/CurrentProfiles + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/CurrentProfiles +``` + + + + +Value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See [FW_PROFILE_TYPE](/openspecs/windows_protocols/ms-fasp/7704e238-174d-4a5e-b809-5f3787dd8acc) for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get | + + + + + + + + + +#### MdmStore/Global/DisableStatefulFtp + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/DisableStatefulFtp +``` + + + + +This value is an on/off switch. If off, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. FALSE means off; TRUE means on, so the stateful FTP is disabled. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Stateful FTP enabled. | +| true | Stateful FTP disabled. | + + + + + + + + + +#### MdmStore/Global/EnablePacketQueue + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/EnablePacketQueue +``` + + + + +This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a integer and is a combination of flags. A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0x0 | + + + +**Allowed values**: + +| Flag | Description | +|:--|:--| +| 0x0 (Default) | Indicates that all queuing is to be disabled. | +| 0x1 | Specifies that inbound encrypted packets are to be queued. | +| 0x2 | Specifies that packets are to be queued after decryption is performed for forwarding. | + + + + + + + + + +#### MdmStore/Global/IPsecExempt + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/IPsecExempt +``` + + + + +This value configures IPsec exceptions and MUST be a combination of the valid flags that are defined in [IPSEC_EXEMPT_VALUES](/openspecs/windows_protocols/ms-fasp/7daabd9f-74c3-4295-add6-e2402b01b191); therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0x0 | + + + +**Allowed values**: + +| Flag | Description | +|:--|:--| +| 0x0 (Default) | FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE: No IPsec exemptions. | +| 0x1 | FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC: Exempt neighbor discover IPv6 ICMP type-codes from IPsec. | +| 0x2 | FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP: Exempt ICMP from IPsec. | +| 0x4 | FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC: Exempt router discover IPv6 ICMP type-codes from IPsec. | +| 0x8 | FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP: Exempt both IPv4 and IPv6 DHCP traffic from IPsec. | + + + + + + + + + +#### MdmStore/Global/OpportunisticallyMatchAuthSetPerKM + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/OpportunisticallyMatchAuthSetPerKM +``` + + + + +This value is used as an on/off switch. When this option is false, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is true, keying modules MUST ignore only the authentication suites that they don't support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | FALSE. | +| true | TRUE. | + + + + + + + + + +#### MdmStore/Global/PolicyVersion + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/PolicyVersion +``` + + + + +This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get | + + + + + + + + + +#### MdmStore/Global/PolicyVersionSupported + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/PolicyVersionSupported +``` + + + + +Value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get | + + + + + + + + + +#### MdmStore/Global/PresharedKeyEncoding + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/PresharedKeyEncoding +``` + + + + +Specifies the preshared key encoding that is used. MUST be a valid value from the [PRESHARED_KEY_ENCODING_VALUES](/openspecs/windows_protocols/ms-fasp/b9d24a5e-7755-4c60-adeb-e0c7a718f909) enumeration. Default is 1 [UTF-8]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0. | +| 1 (Default) | FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8: Encode the preshared key using UTF-8. This symbolic constant has a value of 1. | + + + + + + + + + +#### MdmStore/Global/SaIdleTime + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/Global/SaIdleTime +``` + + + + +This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Allowed Values | Range: `[300-3600]` | +| Default Value | 300 | + + + + + + + + + +### MdmStore/HyperVFirewallRules + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules +``` + + + + +A list of rules controlling traffic through the Windows Firewall for Hyper-V containers. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/HyperVFirewallRules/{FirewallRuleName} + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName} +``` + + + + +Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Add, Delete, Get, Replace | +| Atomic Required | True | +| Dynamic Node Naming | ServerGeneratedUniqueIdentifier | +| Allowed Values | Regular Expression: `^[^|/]*$` | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action +``` + + + + +Specifies the action for the rule. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +###### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action/Type + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Action/Type +``` + + + + +Specifies the action the rule enforces: +0 - Block +1 - Allow. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Block. | +| 1 (Default) | Allow. | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Direction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Direction +``` + + + + +Comma separated list. The rule is enabled based on the traffic direction as following. + +IN - the rule applies to inbound traffic. +OUT - the rule applies to outbound traffic. + +If not specified the default is OUT. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get, Replace | +| Default Value | OUT | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| IN | The rule applies to inbound traffic. | +| OUT (Default) | The rule applies to outbound traffic. | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Enabled + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Enabled +``` + + + + +Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. +If not specified - a new rule is disabled by default. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 | Enabled. | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/LocalAddressRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/LocalAddressRanges +``` + + + + +Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Valid tokens include: +"*" indicates any local address. If present, this must be the only token included. + +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/LocalPortRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/LocalPortRanges +``` + + + + +Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Name + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Name +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Priority + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Priority +``` + + + + +0-255 number representing the IANA Internet Protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-255]` | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Protocol + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Protocol +``` + + + + +0-255 number representing the ip protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-65535]` | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/RemoteAddressRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/RemoteAddressRanges +``` + + + + +Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: +"*" indicates any remote address. If present, this must be the only token included. +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/RemotePortRanges + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/RemotePortRanges +``` + + + + +Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `,`) | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/Status + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/Status +``` + + + + +Provides information about the specific version of the rule in deployment for monitoring purposes. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get | + + + + + + + + + +##### MdmStore/HyperVFirewallRules/{FirewallRuleName}/VMCreatorId + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVFirewallRules/{FirewallRuleName}/VMCreatorId +``` + + + + +This field specifies the VM Creator ID that this rule is applicable to. A NULL GUID will result in this rule applying to all VM creators. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | + + + + + + + + + +### MdmStore/HyperVVMSettings + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings +``` + + + + +Settings for the Windows Firewall for Hyper-V containers. Each setting applies on a per-VM Creator basis. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/HyperVVMSettings/{VMCreatorId} + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/{VMCreatorId} +``` + + + + +VM Creator ID that these settings apply to. Valid format is a GUID. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Add, Delete, Get, Replace | +| Atomic Required | True | +| Dynamic Node Naming | ServerGeneratedUniqueIdentifier | +| Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` | + + + + + + + + + +##### MdmStore/HyperVVMSettings/{VMCreatorId}/DefaultInboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/{VMCreatorId}/DefaultInboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Allow Inbound By Default. | +| 1 (Default) | Block Inbound By Default. | + + + + + + + + + +##### MdmStore/HyperVVMSettings/{VMCreatorId}/DefaultOutboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/{VMCreatorId}/DefaultOutboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Allow Outbound By Default. | +| 1 | Block Outbound By Default. | + + + + + + + + + +##### MdmStore/HyperVVMSettings/{VMCreatorId}/EnableFirewall + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/{VMCreatorId}/EnableFirewall +``` + + + + +This value is an on/off switch for the firewall and advanced security enforcement. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Replace | +| Default Value | true | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | Disable Firewall. | +| true (Default) | Enable Firewall. | + + + + + + + + + +##### MdmStore/HyperVVMSettings/{VMCreatorId}/EnableLoopback + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/{VMCreatorId}/EnableLoopback +``` + + + + +This value is an on/off switch for loopback traffic. This determines if this VM type is able to send/receive loopback traffic. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Replace | +| Default Value | false | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable loopback. | +| true | Enable loopback. | + + + + + + + + + +### MdmStore/PrivateProfile + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/PrivateProfile/AllowLocalIpsecPolicyMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/AllowLocalIpsecPolicyMerge +``` + + + + +This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AllowLocalIpsecPolicyMerge Off. | +| true (Default) | AllowLocalIpsecPolicyMerge On. | + + + + + + + + + +#### MdmStore/PrivateProfile/AllowLocalPolicyMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/AllowLocalPolicyMerge +``` + + + + +This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AllowLocalPolicyMerge Off. | +| true (Default) | AllowLocalPolicyMerge On. | + + + + + + + + + +#### MdmStore/PrivateProfile/AuthAppsAllowUserPrefMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/AuthAppsAllowUserPrefMerge +``` + + + + +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AuthAppsAllowUserPrefMerge Off. | +| true (Default) | AuthAppsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/PrivateProfile/DefaultInboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultInboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Allow Inbound By Default. | +| 1 (Default) | Block Inbound By Default. | + + + + + + + + + +#### MdmStore/PrivateProfile/DefaultOutboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Allow Outbound By Default. | +| 1 | Block Outbound By Default. | + + + + +**Example**: + +```xml + + + + + + 2010 + + + ./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction + + + int + + 1 + + + + + +``` + + + + + +#### MdmStore/PrivateProfile/DisableInboundNotifications + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableInboundNotifications +``` + + + + +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Firewall May Display Notification. | +| true | Firewall Must Not Display Notification. | + + + + + + + + + +#### MdmStore/PrivateProfile/DisableStealthMode + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableStealthMode +``` + + + + +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Use Stealth Mode. | +| true | Disable Stealth Mode. | + + + + + + + + + +#### MdmStore/PrivateProfile/DisableStealthModeIpsecSecuredPacketExemption + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableStealthModeIpsecSecuredPacketExemption +``` + + + + +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | FALSE. | +| true (Default) | TRUE. | + + + + + + + + + +#### MdmStore/PrivateProfile/DisableUnicastResponsesToMulticastBroadcast + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableUnicastResponsesToMulticastBroadcast +``` + + + + +This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Unicast Responses Not Blocked. | +| true | Unicast Responses Blocked. | + + + + + + + + + +#### MdmStore/PrivateProfile/EnableFirewall + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall +``` + + + + +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Add, Get, Replace | +| Default Value | true | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | Disable Firewall. | +| true (Default) | Enable Firewall. | + + + + + + + + + +#### MdmStore/PrivateProfile/EnableLogDroppedPackets + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableLogDroppedPackets +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Dropped Packets. | +| true | Enable Logging Of Dropped Packets. | + + + + + + + + + +#### MdmStore/PrivateProfile/EnableLogIgnoredRules + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableLogIgnoredRules +``` + + + + +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Ignored Rules. | +| true | Enable Logging Of Ignored Rules. | + + + + + + + + + +#### MdmStore/PrivateProfile/EnableLogSuccessConnections + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableLogSuccessConnections +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Successful Connections. | +| true | Enable Logging Of Successful Connections. | + + + + + + + + + +#### MdmStore/PrivateProfile/GlobalPortsAllowUserPrefMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/GlobalPortsAllowUserPrefMerge +``` + + + + +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | GlobalPortsAllowUserPrefMerge Off. | +| true (Default) | GlobalPortsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/PrivateProfile/LogFilePath + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/LogFilePath +``` + + + + +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get, Replace | +| Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/PrivateProfile/LogMaxFileSize + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/LogMaxFileSize +``` + + + + +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Allowed Values | Range: `[0-4294967295]` | +| Default Value | 1024 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/PrivateProfile/Shielded + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/Shielded +``` + + + + +This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Shielding Off. | +| true | Shielding On. | + + + + + + + + + +### MdmStore/PublicProfile + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | node | +| Access Type | Get | + + + + + + + + + +#### MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge +``` + + + + +This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AllowLocalIpsecPolicyMerge Off. | +| true (Default) | AllowLocalIpsecPolicyMerge On. | + + + + + + + + + +#### MdmStore/PublicProfile/AllowLocalPolicyMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge +``` + + + + +This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AllowLocalPolicyMerge Off. | +| true (Default) | AllowLocalPolicyMerge On. | + + + + + + + + + +#### MdmStore/PublicProfile/AuthAppsAllowUserPrefMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/AuthAppsAllowUserPrefMerge +``` + + + + +This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | AuthAppsAllowUserPrefMerge Off. | +| true (Default) | AuthAppsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/PublicProfile/DefaultInboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultInboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 1 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Allow Inbound By Default. | +| 1 (Default) | Block Inbound By Default. | + + + + + + + + + +#### MdmStore/PublicProfile/DefaultOutboundAction + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction +``` + + + + +This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Default Value | 0 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Allow Outbound By Default. | +| 1 | Block Outbound By Default. | + + + + +**Example**: + +```xml + + + + + + 2010 + + + ./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction + + + int + + 1 + + + + + +``` + + + + + +#### MdmStore/PublicProfile/DisableInboundNotifications + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableInboundNotifications +``` + + + + +This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Firewall May Display Notification. | +| true | Firewall Must Not Display Notification. | + + + + + + + + + +#### MdmStore/PublicProfile/DisableStealthMode + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableStealthMode +``` + + + + +This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Use Stealth Mode. | +| true | Disable Stealth Mode. | + + + + + + + + + +#### MdmStore/PublicProfile/DisableStealthModeIpsecSecuredPacketExemption + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableStealthModeIpsecSecuredPacketExemption +``` + + + + +This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | FALSE. | +| true (Default) | TRUE. | + + + + + + + + + +#### MdmStore/PublicProfile/DisableUnicastResponsesToMulticastBroadcast + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableUnicastResponsesToMulticastBroadcast +``` + + + + +This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Unicast Responses Not Blocked. | +| true | Unicast Responses Blocked. | + + + + + + + + + +#### MdmStore/PublicProfile/EnableFirewall + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall +``` + + + + +This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | Disable Firewall. | +| true (Default) | Enable Firewall. | + + + + + + + + + +#### MdmStore/PublicProfile/EnableLogDroppedPackets + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableLogDroppedPackets +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Dropped Packets. | +| true | Enable Logging Of Dropped Packets. | + + + + + + + + + +#### MdmStore/PublicProfile/EnableLogIgnoredRules + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableLogIgnoredRules +``` + + + + +This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Ignored Rules. | +| true | Enable Logging Of Ignored Rules. | + + + + + + + + + +#### MdmStore/PublicProfile/EnableLogSuccessConnections + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableLogSuccessConnections +``` + + + + +This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disable Logging Of Successful Connections. | +| true | Enable Logging Of Successful Connections. | + + + + + + + + + +#### MdmStore/PublicProfile/GlobalPortsAllowUserPrefMerge + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/GlobalPortsAllowUserPrefMerge +``` + + + + +This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | true | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false | GlobalPortsAllowUserPrefMerge Off. | +| true (Default) | GlobalPortsAllowUserPrefMerge On. | + + + + + + + + + +#### MdmStore/PublicProfile/LogFilePath + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/LogFilePath +``` + + + + +This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Get, Replace | +| Default Value | %systemroot%\system32\LogFiles\Firewall\pfirewall.log | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/PublicProfile/LogMaxFileSize + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/LogMaxFileSize +``` + + + + +This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Get, Replace | +| Allowed Values | Range: `[0-4294967295]` | +| Default Value | 1024 | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + + + + + + + +#### MdmStore/PublicProfile/Shielded + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Vendor/MSFT/Firewall/MdmStore/PublicProfile/Shielded +``` + + + + +This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | bool | +| Access Type | Get, Replace | +| Default Value | false | +| Dependency [Enable Firewall] | Dependency Type: `DependsOn`
Dependency URI: `Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall`
Dependency Allowed Value: `true`
Dependency Allowed Value Type: `ENUM`
| + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Shielding Off. | +| true | Shielding On. | + + + + + + + + + + + + + + +## Related articles + +[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index c270f2f6f9..a55d7cb441 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md 
@@ -1,38 +1,80 @@ --- title: Firewall DDF file -description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider. +description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider. +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 02/27/2023 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.date: 12/05/2017 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- -# Firewall CSP + +# Firewall DDF file -This topic shows the OMA DM device description framework (DDF) for the **Firewall** configuration service provider. DDF files are used only with OMA DM provisioning XML. - -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). +The following XML file contains the device description framework (DDF) for the Firewall configuration service provider. ```xml -]> +]> 1.2 + + + + Firewall + ./Vendor/MSFT + + + + + Root node for the Firewall configuration service provider. + + + + + + + + + + + + + + 10.0.16299 + 1.0 + 0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD; + + + + MdmStore + + + + + + + + + + + + + + + + + - Firewall - ./Vendor/MSFT + Global - Root node for the Firewall configuration service provider. @@ -43,17 +85,18 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - + - MdmStore + PolicyVersionSupported + Value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build. - + 
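Review bot: in the `@@ -1,38 +1,80 @@` hunk the sentence "Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md)." is removed together with "DDF files are used only with OMA DM provisioning XML.", and the new one-line intro replaces neither. If configuration-service-provider-ddf.md still exists, keep the download link (readers of this page usually want the file rather than an inline listing), and keep the OMA DM sentence since it is the only statement of where a DDF applies. The title change from "Firewall CSP" to "Firewall DDF file" is correct for this page.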
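Review bot: in the `@@ -43,17 +85,18 @@` hunk the new PolicyVersionSupported description says "a particular firewall and advanced security components software build"; "components" should be the possessive "component's", matching the BinaryVersionSupported description added further down ("a specific firewall and advanced security component's software build"). The same description explains that the value is two octets with the minor version in the lowest-order octet; giving one example in the same form the later text already uses for schema versions (for example "a schema version of 0x0201") would make the octet layout concrete for readers who only see the rendered CSP reference.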
@@ -62,1214 +105,2973 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - + + + + CurrentProfiles + + + + + Value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law. + + + + + + + + + + + + + + + + DisableStatefulFtp + + + + + + false + This value is an on/off switch. If off, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. FALSE means off; TRUE means on, so the stateful FTP is disabled. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + + false + Stateful FTP enabled + + + true + Stateful FTP disabled + + + + + + SaIdleTime + + + + + + 300 + This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + + + + [300-3600] + + + + + PresharedKeyEncoding + + + + + + 1 + Specifies the preshared key encoding that is used. MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. Default is 1 [UTF-8]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + + + + + 0 + FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE: Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0. + + + 1 + FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8: Encode the preshared key using UTF-8. This symbolic constant has a value of 1. 
+ + + + + + IPsecExempt + + + + + + 0x0 + This value configures IPsec exceptions and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. + + + + + + + + + + + + + + + 0x0 + FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE: No IPsec exemptions. + + + 0x1 + FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC: Exempt neighbor discover IPv6 ICMP type-codes from IPsec. + + + 0x2 + FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP: Exempt ICMP from IPsec. + + + 0x4 + FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC: Exempt router discover IPv6 ICMP type-codes from IPsec. + + + 0x8 + FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP: Exempt both IPv4 and IPv6 DHCP traffic from IPsec. + + + + + + CRLcheck + + + + + + This value specifies how certificate revocation list (CRL) verification is enforced. The value MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. 
+ + + + + + + + + + + + + + + 0 + Disables CRL checking + + + 1 + Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. + + + 2 + Means that checking is required and that certificate validation fails if any error is encountered during CRL processing + + + + + + PolicyVersion + + + + + This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law. + + + + + + + + + + + + + + + + BinaryVersionSupported + + + + + This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. + + + + + + + + + + + + + + + + OpportunisticallyMatchAuthSetPerKM + + + + + + This value is used as an on/off switch. When this option is false, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is true, keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + + + + + false + FALSE + + + true + TRUE + + + + + + EnablePacketQueue + + + + + + 0x0 + This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a integer and is a combination of flags. 
A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. + + + + + + + + + + + + + + + 0x0 + Indicates that all queuing is to be disabled + + + 0x1 + Specifies that inbound encrypted packets are to be queued + + + 0x2 + Specifies that packets are to be queued after decryption is performed for forwarding + + + + + + + DomainProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + true + This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Disable Firewall + + + true + Enable Firewall + + + + + + DisableStealthMode + + + + + + false + This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Use Stealth Mode + + + true + Disable Stealth Mode + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + Shielded + + + + + false + This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. 
+ + + + + + + + + + + + + + + false + Shielding Off + + + true + Shielding On + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + false + This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Unicast Responses Not Blocked + + + true + Unicast Responses Blocked + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogDroppedPackets + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Dropped Packets + + + true + Enable Logging Of Dropped Packets + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogSuccessConnections + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Successful Connections + + + true + Enable Logging Of Successful Connections + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogIgnoredRules + + + + + + false + This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. 
+ + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Ignored Rules + + + true + Enable Logging Of Ignored Rules + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogMaxFileSize + + + + + + 1024 + This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + [0-4294967295] + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogFilePath + + + + + + %systemroot%\system32\LogFiles\Firewall\pfirewall.log + This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableInboundNotifications + + + + + + false + This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + false + Firewall May Display Notification + + + true + Firewall Must Not Display Notification + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AuthAppsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + AuthAppsAllowUserPrefMerge Off + + + true + AuthAppsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + GlobalPortsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + GlobalPortsAllowUserPrefMerge Off + + + true + GlobalPortsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalPolicyMerge + + + + + + true + This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. 
+ + + + + + + + + + + + + + + false + AllowLocalPolicyMerge Off + + + true + AllowLocalPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalIpsecPolicyMerge + + + + + + true + This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + + + + + + + + + false + AllowLocalIpsecPolicyMerge Off + + + true + AllowLocalIpsecPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultOutboundAction + + + + + + 0 + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + 0 + Allow Outbound By Default + + + 1 + Block Outbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultInboundAction + + + + + + 1 + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + 0 + Allow Inbound By Default + + + 1 + Block Inbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + true + This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + + + + + false + FALSE + + + true + TRUE + + + + + + Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + + PrivateProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + + + true + This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Disable Firewall + + + true + Enable Firewall + + + + + + DisableStealthMode + + + + + + false + This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + false + Use Stealth Mode + + + true + Disable Stealth Mode + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + Shielded + + + + + + false + This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + + false + Shielding Off + + + true + Shielding On + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + false + This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Unicast Responses Not Blocked + + + true + Unicast Responses Blocked + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogDroppedPackets + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Dropped Packets + + + true + Enable Logging Of Dropped Packets + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogSuccessConnections + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. 
+ + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Successful Connections + + + true + Enable Logging Of Successful Connections + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogIgnoredRules + + + + + + false + This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Ignored Rules + + + true + Enable Logging Of Ignored Rules + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogMaxFileSize + + + + + + 1024 + This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + [0-4294967295] + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogFilePath + + + + + + %systemroot%\system32\LogFiles\Firewall\pfirewall.log + This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. 
+ + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableInboundNotifications + + + + + + false + This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Firewall May Display Notification + + + true + Firewall Must Not Display Notification + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AuthAppsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + AuthAppsAllowUserPrefMerge Off + + + true + AuthAppsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + GlobalPortsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + false + GlobalPortsAllowUserPrefMerge Off + + + true + GlobalPortsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalPolicyMerge + + + + + + true + This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + + + + + + + + + false + AllowLocalPolicyMerge Off + + + true + AllowLocalPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalIpsecPolicyMerge + + + + + + true + This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. + + + + + + + + + + + + + + + false + AllowLocalIpsecPolicyMerge Off + + + true + AllowLocalIpsecPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultOutboundAction + + + + + + 0 + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + 0 + Allow Outbound By Default + + + 1 + Block Outbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultInboundAction + + + + + + 1 + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + 0 + Allow Inbound By Default + + + 1 + Block Inbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + true + This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + + + + + false + FALSE + + + true + TRUE + + + + + + Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + + PublicProfile + + + + + + + + + + + + + + + + + + + EnableFirewall + + + + + + true + This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. 
The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Disable Firewall + + + true + Enable Firewall + + + + + + DisableStealthMode + + + + + + false + This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Use Stealth Mode + + + true + Disable Stealth Mode + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + Shielded + + + + + + false + This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + + false + Shielding Off + + + true + Shielding On + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableUnicastResponsesToMulticastBroadcast + + + + + + false + This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Unicast Responses Not Blocked + + + true + Unicast Responses Blocked + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogDroppedPackets + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all the dropped packets. 
The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Dropped Packets + + + true + Enable Logging Of Dropped Packets + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogSuccessConnections + + + + + + false + This value is used as an on/off switch. If this value is on, the firewall logs all successful inbound connections. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Successful Connections + + + true + Enable Logging Of Successful Connections + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + EnableLogIgnoredRules + + + + + + false + This value is used as an on/off switch. The server MAY use this value in an implementation-specific way to control logging of events if a rule is not enforced for any reason. The merge law for this option is to let "on" values win. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + false + Disable Logging Of Ignored Rules + + + true + Enable Logging Of Ignored Rules + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogMaxFileSize + + + + + + 1024 + This value specifies the size, in kilobytes, of the log file where dropped packets and successful connections are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. 
+ + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + [0-4294967295] + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + LogFilePath + + + + + + %systemroot%\system32\LogFiles\Firewall\pfirewall.log + This value is a string that represents a file path to the log where the firewall logs dropped packets and successful connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. + + + + + + + + + + + + + + 10.0.22621 + 1.0 + + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableInboundNotifications + + + + + + false + This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + Firewall May Display Notification + + + true + Firewall Must Not Display Notification + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AuthAppsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
+ + + + + + + + + + + + + + + false + AuthAppsAllowUserPrefMerge Off + + + true + AuthAppsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + GlobalPortsAllowUserPrefMerge + + + + + + true + This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + false + GlobalPortsAllowUserPrefMerge Off + + + true + GlobalPortsAllowUserPrefMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalPolicyMerge + + + + + + true + This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. + + + + + + + + + + + + + + + false + AllowLocalPolicyMerge Off + + + true + AllowLocalPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + AllowLocalIpsecPolicyMerge + + + + + + true + This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. 
+ + + + + + + + + + + + + + + false + AllowLocalIpsecPolicyMerge Off + + + true + AllowLocalIpsecPolicyMerge On + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultOutboundAction + + + + + + 0 + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + 0 + Allow Outbound By Default + + + 1 + Block Outbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DefaultInboundAction + + + + + + 1 + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. + + + + + + + + + + + + + + + 0 + Allow Inbound By Default + + + 1 + Block Inbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + DisableStealthModeIpsecSecuredPacketExemption + + + + + + true + This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. + + + + + + + + + + + + + + + false + FALSE + + + true + TRUE + + + + + + Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall + + + true + Enable Firewall + + + + + + + + + + HyperVVMSettings + + + + + Settings for the Windows Firewall for Hyper-V containers. Each setting applies on a per-VM Creator basis. + + + + + + + + + + + + + + + + + + + + + + + + VM Creator ID that these settings apply to. Valid format is a GUID + + + + + + + + + + VMCreatorId + + + + + + + + \{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\} + + + - Global + EnableFirewall - + + true + This value is an on/off switch for the firewall and advanced security enforcement. - + - + - + + + + false + Disable Firewall + + + true + Enable Firewall + + - - PolicyVersionSupported - - - - - Value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value is not merged and is always a fixed value for a particular firewall and advanced security components software build. - - - - - - - - - - - text/plain - - - - - CurrentProfiles - - - - - Value that contains a bitmask of the current enforced profiles that are maintained by the server firewall host. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. This value is available only in the dynamic store; therefore, it is not merged and has no merge law. - - - - - - - - - - - text/plain - - - - - DisableStatefulFtp - - - - - - - - FALSE - This value is an on/off switch. If off, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. FALSE means off; TRUE means on, so the stateful FTP is disabled. The merge law for this option is to let "on" values win. 
- - - - - - - - - - - text/plain - - - - - SaIdleTime - - - - - - - - 300 - This value configures the security association idle time, in seconds. Security associations are deleted after network traffic is not seen for this specified period of time. The value MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. - - - - - - - - - - - text/plain - - - - - PresharedKeyEncoding - - - - - - - - 1 - Specifies the preshared key encoding that is used. MUST be a valid value from the PRESHARED_KEY_ENCODING_VALUES enumeration. Default is 1 [UTF-8]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. - - - - - - - - - - - text/plain - - - - - IPsecExempt - - - - - - - - 0 - This value configures IPsec exceptions and MUST be a combination of the valid flags that are defined in IPSEC_EXEMPT_VALUES; therefore, the maximum value MUST always be IPSEC_EXEMPT_MAX-1 for servers supporting a schema version of 0x0201 and IPSEC_EXEMPT_MAX_V2_0-1 for servers supporting a schema version of 0x0200. If the maximum value is exceeded when the method RRPC_FWSetGlobalConfig (Opnum 4) is called, the method returns ERROR_INVALID_PARAMETER. This error code is returned if no other preceding error is discovered. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. - - - - - - - - - - - text/plain - - - - - CRLcheck - - - - - - - - This value specifies how certificate revocation list (CRL) verification is enforced. The value MUST be 0, 1, or 2. A value of 0 disables CRL checking. A value of 1 specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. 
Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail. A value of 2 means that checking is required and that certificate validation fails if any error is encountered during CRL processing. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, use the local store value. - - - - - - - - - - - text/plain - - - - - PolicyVersion - - - - - This value contains the policy version of the policy store being managed. This value is not merged and therefore, has no merge law. - - - - - - - - - - - text/plain - - - - - BinaryVersionSupported - - - - - This value contains the binary version of the structures and data types that are supported by the server. This value is not merged. In addition, this value is always a fixed value for a specific firewall and advanced security component's software build. This value identifies a policy configuration option that is supported only on servers that have a schema version of 0x0201. - - - - - - - - - - - text/plain - - - - - OpportunisticallyMatchAuthSetPerKM - - - - - - - - This value is used as an on/off switch. When this option is false, keying modules MUST ignore the entire authentication set if they do not support all of the authentication suites specified in the set. When this option is true, keying modules MUST ignore only the authentication suites that they don’t support. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. - - - - - - - - - - - text/plain - - - - - EnablePacketQueue - - - - - - - - 0 - This value specifies how scaling for the software on the receive side is enabled for both the encrypted receive and clear text forward path for the IPsec tunnel gateway scenario. Use of this option also ensures that the packet order is preserved. The data type for this option value is a integer and is a combination of flags. 
A value of 0x00 indicates that all queuing is to be disabled. A value of 0x01 specifies that inbound encrypted packets are to be queued. A value of 0x02 specifies that packets are to be queued after decryption is performed for forwarding. - - - - - - - - - - - text/plain - - - - DomainProfile + DefaultOutboundAction + + 0 + This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. - + - + - + + + + 0 + Allow Outbound By Default + + + 1 + Block Outbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall + + + true + Enable Firewall + + + + + - - EnableFirewall - - - - - - - 1 - This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthMode - - - - - - - 0 - This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - Shielded - - - - - - 0 - This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. - - - - - - - - - - - text/plain - - - - - DisableUnicastResponsesToMulticastBroadcast - - - - - - - 0 - This value is used as an on/off switch. 
If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableInboundNotifications - - - - - - - 0 - This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - AuthAppsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - GlobalPortsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - AllowLocalPolicyMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. 
- - - - - - - - - - - text/plain - - - - - AllowLocalIpsecPolicyMerge - - - - - - - 1 - This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. - - - - - - - - - - - text/plain - - - - - DefaultOutboundAction - - - - - - - 0 - This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DefaultInboundAction - - - - - - - 1 - This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthModeIpsecSecuredPacketExemption - - - - - - - 1 - This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. 
- - - - - - - - - - - text/plain - - - - PrivateProfile + DefaultInboundAction + + 1 + This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. - + - + - + + + + 0 + Allow Inbound By Default + + + 1 + Block Inbound By Default + + + + + + Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall + + + true + Enable Firewall + + + + + - - EnableFirewall - - - - - - - 1 - This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthMode - - - - - - - 0 - This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - Shielded - - - - - - 0 - This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. - - - - - - - - - - - text/plain - - - - - DisableUnicastResponsesToMulticastBroadcast - - - - - - - 0 - This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
- - - - - - - - - - - text/plain - - - - - DisableInboundNotifications - - - - - - - 0 - This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - AuthAppsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - GlobalPortsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - AllowLocalPolicyMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. - - - - - - - - - - - text/plain - - - - - AllowLocalIpsecPolicyMerge - - - - - - - 1 - This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. 
The merge law for this option is to always use the value of the GroupPolicyRSoPStore. - - - - - - - - - - - text/plain - - - - - DefaultOutboundAction - - - - - - - 0 - This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DefaultInboundAction - - - - - - - 1 - This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthModeIpsecSecuredPacketExemption - - - - - - - 1 - This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. - - - - - - - - - - - text/plain - - - - PublicProfile + EnableLoopback - + + false + This value is an on/off switch for loopback traffic. This determines if this VM type is able to send/receive loopback traffic. 
- + - + - + + + + false + Disable loopback + + + true + Enable loopback + + - - EnableFirewall - - - - - - - 1 - This value is an on/off switch for the firewall and advanced security enforcement. If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthMode - - - - - - - 0 - This value is an on/off switch. When this option is false, the server operates in stealth mode. The firewall rules used to enforce stealth mode are implementation-specific. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - Shielded - - - - - - 0 - This value is used as an on/off switch. If this value is on and EnableFirewall is on, the server MUST block all incoming traffic regardless of other policy settings. The merge law for this option is to let "on" values win. - - - - - - - - - - - text/plain - - - - - DisableUnicastResponsesToMulticastBroadcast - - - - - - - 0 - This value is used as an on/off switch. If it is true, unicast responses to multicast broadcast traffic is blocked. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableInboundNotifications - - - - - - - 0 - This value is an on/off switch. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. 
- - - - - - - - - - - text/plain - - - - - AuthAppsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, authorized application firewall rules in the local store are ignored and not enforced. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - GlobalPortsAllowUserPrefMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, global port firewall rules in the local store are ignored and not enforced. The setting only has meaning if it is set or enumerated in the Group Policy store or if it is enumerated from the GroupPolicyRSoPStore. The merge law for this option is to let the value GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - AllowLocalPolicyMerge - - - - - - - 1 - This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions. - - - - - - - - - - - text/plain - - - - - AllowLocalIpsecPolicyMerge - - - - - - - 1 - This value is an on/off switch. If this value is false, connection security rules from the local store are ignored and not enforced, regardless of the schema version and connection security rule version. The merge law for this option is to always use the value of the GroupPolicyRSoPStore. - - - - - - - - - - - text/plain - - - - - DefaultOutboundAction - - - - - - - 0 - This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. 
The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DefaultInboundAction - - - - - - - 1 - This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. The merge law for this option is to let the value of the GroupPolicyRSoPStore.win if it is configured; otherwise, the local store value is used. - - - - - - - - - - - text/plain - - - - - DisableStealthModeIpsecSecuredPacketExemption - - - - - - - 1 - This value is an on/off switch. This option is ignored if DisableStealthMode is on. Otherwise, when this option is true, the firewall's stealth mode rules MUST NOT prevent the host computer from responding to unsolicited network traffic if that traffic is secured by IPsec. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured; otherwise, the local store value is used. For schema versions 0x0200, 0x0201, and 0x020A, this value is invalid and MUST NOT be used. - - - - - - - - - - - text/plain - - - + + + + FirewallRules + + + + + A list of rules controlling traffic through the Windows Firewall. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + + + + + + + + + + + + + + + + + + + + + + + + Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + + + + + + + + + + FirewallRuleName + + + + + + + + ^[^|/]*$ + + + - FirewallRules + App - A list of rules controlling traffic through the Windows Firewall. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + Rules that control connections for an app, program or service. + +Specified based on the intersection of the following nodes. + +PackageFamilyName +FilePath +FQBN +ServiceName 
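Review bot: The DefaultInboundAction description under both PrivateProfile and PublicProfile still carries the typo "GroupPolicyRSoPStore.win if it is configured"; the period should be a space ("GroupPolicyRSoPStore win if it is configured"), matching the sibling nodes, and the GlobalPortsAllowUserPrefMerge text "let the value GroupPolicyRSoPStore win" is missing "of the". In the new HyperVVMSettings subtree, the VMCreatorId description says only "Valid format is a GUID" while the allowed-values regex requires the surrounding braces, so the description should state that the braces are required; its EnableFirewall, DefaultOutboundAction and DefaultInboundAction descriptions also drop the merge-law sentence and the "If this value is false, the server MUST NOT block any network traffic, regardless of other policy settings" sentence that the profile nodes carry, which should be restored or the difference explained. The LogMaxFileSize allowed range [0-4294967295] admits 0 kilobytes, which is not a usable log size; consider a lower bound of 1. For FirewallRules, the FirewallRuleName description says the name "must not include a forward slash (/)", but the regex ^[^|/]*$ also rejects "|" and accepts an empty string; the description should mention the pipe character and, if an empty name is not meant to be valid, the quantifier should be + rather than *. Finally, this hunk only shows the Global subtree (PolicyVersionSupported, CurrentProfiles, DisableStatefulFtp, SaIdleTime, PresharedKeyEncoding, IPsecExempt, CRLcheck, PolicyVersion, BinaryVersionSupported, OpportunisticallyMatchAuthSetPerKM, EnablePacketQueue) being removed; please confirm it is re-added elsewhere in the file rather than dropped.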
@@ -1280,11 +3082,11 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - + - + PackageFamilyName 
@@ -1292,227 +3094,220 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. - + - + - FirewallRuleName - + - - App - - - - - Rules that control connections for an app, program or service. - -Specified based on the intersection of the following nodes. - -PackageFamilyName -FilePath -FQBN -ServiceName - - - - - - - - - - - - - - - PackageFamilyName - - - - - - - - PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. - - - - - - - - - - - text/plain - - - - - FilePath - - - - - - - - FilePath - This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe. - - - - - - - - - - - text/plain - - - - - Fqbn - - - - - - - - Fully Qualified Binary Name - - - - - - - - - - - text/plain - - - - - ServiceName - - - - - - - - This is a service name, and is used in cases when a service, not an application, must be sending or receiving traffic. - - - - - - - - - - - text/plain - - - - - - Protocol - - - - - - - - 0-255 number representing the ip protocol (TCP = 6, UDP = 17). If not specified the default is All. - - - - - - - - - - - text/plain - - - - - LocalPortRanges - - - - - - - - Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. - - - - - - - - - - - text/plain - - - - - RemotePortRanges - - - - - - - - Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. - - - - - - - - - - - text/plain - - - - - LocalAddressRanges - - - - - - - - Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. 
+ + + FilePath + + + + + + + + FilePath - This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe. + + + + + + + + + + + + + + + + Fqbn + + + + + + + + Fully Qualified Binary Name + + + + + + + + + + + + + + + + ServiceName + + + + + + + + This is a service name, and is used in cases when a service, not an application, must be sending or receiving traffic. + + + + + + + + + + + + + + + + + Protocol + + + + + + + + 0-255 number representing the ip protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + + + + + + + + [0-255] + + + + + LocalPortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + + + + + + + + + + + + + RemotePortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + + + + + + + + + + + + + IcmpTypesAndCodes + + + + + + + + + String value. Multiple ICMP type+code pairs can be included in the string by separating each value with a ",". If more than one ICMP type+code pair is specified, the strings must be separated by a comma. + To specify all ICMP types and codes, use the "*" character. For specific ICMP types and codes, use the ":" to separate the type and code. + The following are valid examples: 3:4 or 1:*. The "*" character can be used to represent any code. The "*" character can't be used to specify any type, examples such as "*:4" or "*:*" are invalid. + + + + + + + + + + + + + + + 10.0.19043 + 1.0 + + + + + + + + LocalAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. Valid tokens include: "*" indicates any local address. If present, this must be the only token included. 
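Review bot: the new IcmpTypesAndCodes description in this hunk says the same thing twice ("Multiple ICMP type+code pairs can be included in the string by separating each value with a ","" followed by "If more than one ICMP type+code pair is specified, the strings must be separated by a comma."); drop the second sentence. The same description should also state the default when the node is absent (the sibling Protocol, LocalPortRanges and RemotePortRanges nodes all say "If not specified the default is All"), since a reader configuring an ICMP rule cannot tell whether an omitted IcmpTypesAndCodes means all types and codes or none. While touching these nodes, "Comma Separated list of ranges for eg. 100-120,200,300-320" in LocalPortRanges and RemotePortRanges should read "Comma-separated list of ranges, for example 100-120,200,300-320", and the Protocol text should say "IP protocol number" rather than "ip protocol".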
@@ -1520,30 +3315,33 @@ A subnet can be specified using either the subnet mask or network prefix notatio A valid IPv6 address. An IPv4 address range in the format of "start address - end address" with no spaces included. An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. - - - - - - - - - - - text/plain - - - - - RemoteAddressRanges - - - - - - - - Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: + + + + + + + + + + + + + + + + + + + RemoteAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: "*" indicates any remote address. If present, this must be the only token included. "Defaultgateway" "DHCP" 
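Review bot: the address-range text carried through this hunk says 'An IPv4 address range in the format of "start address - end address" with no spaces included', but the quoted format itself contains spaces around the hyphen, so an admin copying the pattern will produce exactly the input the sentence forbids; write the literal as "startaddress-endaddress" (and the same for the IPv6 line) or give a concrete sample such as 10.0.0.1-10.0.0.50. In the RemoteAddressRanges description, the tokens "Defaultgateway" and "DHCP" are listed without saying what they expand to; a short gloss (the local default gateway, the DHCP server addresses) would help, and the casing should match whatever the CSP actually accepts, since "Defaultgateway" and "DHCP" are inconsistent with each other.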
@@ -1558,288 +3356,1057 @@ A subnet can be specified using either the subnet mask or network prefix notatio A valid IPv6 address. An IPv4 address range in the format of "start address - end address" with no spaces included. An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. - - - - - - - - - - - text/plain - - - - - Description - - - - - - - - Specifies the description of the rule. - - - - - - - - - - - text/plain - - - - - Enabled - - - - - - Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. + + + + + + + + + + + + + + + + + + + RemoteAddressDynamicKeywords + + + + + + + + Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. + + + + + + + + + + + + + + 99.9.99999 + 1.0 + + + \{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\} + + + + + + Description + + + + + + + + Specifies the description of the rule. + + + + + + + + + + + + + + + + Enabled + + + + + + Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. If not specified - a new rule is disabled by default. - - - - - - - - - - - text/plain - - - - - Profiles - - - - - - Specifies the profiles to which the rule belongs: Domain, Private, Public. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. If not specified, the default is All. - - - - - - - - - - - text/plain - - - - - Action - - - - - Specifies the action for the rule. - - - - - - - - - - - - - - - Type - - - - - - 1 - Specifies the action the rule enforces: + + + + + + + + + + + + + + + 0 + Disabled + + + 1 + Enabled + + + + + + Profiles + + + + + + Specifies the profiles to which the rule belongs: Domain, Private, Public. See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types. 
If not specified, the default is All. + + + + + + + + + + + + + + + 0x1 + FW_PROFILE_TYPE_DOMAIN: This value represents the profile for networks that are connected to domains. + + + 0x2 + FW_PROFILE_TYPE_STANDARD: This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE: This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD. + + + 0x4 + FW_PROFILE_TYPE_PUBLIC: This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted. + + + 0x7FFFFFFF + FW_PROFILE_TYPE_ALL: This value represents all these network sets and any future network sets. + + + 0x80000000 + FW_PROFILE_TYPE_CURRENT: This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags. + + + + + + Action + + + + + Specifies the action for the rule. + + + + + + + + + + + + + + + Type + + + + + + 1 + Specifies the action the rule enforces: 0 - Block 1 - Allow - - - - - - - - - - - text/plain - - - - - - Direction - - - - - - IN - Comma separated list. The rule is enabled based on the traffic direction as following. 
+ + + + + + + + + + + + + + + 0 + Block + + + 1 + Allow + + + + + + + Direction + + + + + + OUT + Comma separated list. The rule is enabled based on the traffic direction as following. IN - the rule applies to inbound traffic. OUT - the rule applies to outbound traffic. -If not specified the detault is IN. - - - - - - - - - - - text/plain - - - - - InterfaceTypes - - - - - - All - String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are "RemoteAccess", "Wireless", "Lan", "MobileBroadband", and "All". - If more than one interface type is specified, the strings must be separated by a comma. - - - - - - - - - - - text/plain - - - - - EdgeTraversal - - - - - - - - Indicates whether edge traversal is enabled or disabled for this rule. +If not specified the detault is OUT. + + + + + + + + + + + + + + + IN + The rule applies to inbound traffic. + + + OUT + The rule applies to outbound traffic. + + + + + + InterfaceTypes + + + + + + + + All + + String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are "RemoteAccess", "Wireless", "Lan", "MBB", and "All". + If more than one interface type is specified, the strings must be separated by a comma. + + + + + + + + + + + + + + + + RemoteAccess + RemoteAccess + + + Wireless + Wireless + + + Lan + Lan + + + MBB + MobileBroadband + + + All + All + + + + + + + EdgeTraversal + + + + + + + + Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal property indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. 
New rules have the EdgeTraversal property disabled by default. - - - - - - - - - - - text/plain - - - - - LocalUserAuthorizedList - - - - - - - - Specifies the list of authorized local users for the app container. + + + + + + + + + + + + + + + 0 + Disabled + + + 1 + Enabled + + + + + + LocalUserAuthorizedList + + + + + + + + Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.. - - - - - - - - - - - text/plain - - - - - Status - - - - - Provides information about the specific verrsion of the rule in deployment for monitoring purposes. - - - - - - - - - - - text/plain - - - - - Name - - - - - - - - - - - - - - - - - - text/plain - - - + + + + + + + + + + + + + + + + + + PolicyAppId + + + + + + + + Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ".", and "_". + + + + + + + + + + + + + + 99.9.99999 + 1.1 + + + ^[A-Za-z0-9_.:/]+$ + + + + + Status + + + + + Provides information about the specific verrsion of the rule in deployment for monitoring purposes. + + + + + + + + + + + + + + + + Name + + + + + + + + + + + + + + + + + + + + + + + + + HyperVFirewallRules + + + + + A list of rules controlling traffic through the Windows Firewall for Hyper-V containers. Each Rule ID is ORed. Within each rule ID each Filter type is AND'ed. + + + + + + + + + + + + + + + + + + + + + + + + Unique alpha numeric identifier for the rule. The rule name must not include a forward slash (/). + + + + + + + + + + FirewallRuleName + + + + + + + + ^[^|/]*$ + + + + + Priority + + + + + + + + 0-255 number representing the IANA Internet Protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + + + + + + + + [0-255] + + + + + Direction + + + + + + OUT + Comma separated list. The rule is enabled based on the traffic direction as following. + +IN - the rule applies to inbound traffic. 
+OUT - the rule applies to outbound traffic. + +If not specified the detault is OUT. + + + + + + + + + + + + + + + IN + The rule applies to inbound traffic. + + + OUT + The rule applies to outbound traffic. + + + + + + VMCreatorId + + + + + + + + This field specifies the VM Creator ID that this rule is applicable to. A NULL GUID will result in this rule applying to all VM creators. + + + + + + + + + + + + + + + \{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\} + + + + + Protocol + + + + + + + + 0-255 number representing the ip protocol (TCP = 6, UDP = 17). If not specified the default is All. + + + + + + + + + + + + + + [0-65535] + + + + + LocalAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. +Valid tokens include: +"*" indicates any local address. If present, this must be the only token included. + +A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + + + + + + + + + + + + + LocalPortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + + + + + + + + + + + + + RemoteAddressRanges + + + + + + + + Consists of one or more comma-delimited tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include: +"*" indicates any remote address. If present, this must be the only token included. +A subnet can be specified using either the subnet mask or network prefix notation. 
If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +A valid IPv6 address. +An IPv4 address range in the format of "start address - end address" with no spaces included. +An IPv6 address range in the format of "start address - end address" with no spaces included. If not specified the default is All. + + + + + + + + + + + + + + + + + + + RemotePortRanges + + + + + + + + Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the default is All. + + + + + + + + + + + + + + + + + + + Action + + + + + Specifies the action for the rule. + + + + + + + + + + + + + + + Type + + + + + + 1 + Specifies the action the rule enforces: +0 - Block +1 - Allow + + + + + + + + + + + + + + + 0 + Block + + + 1 + Allow + + + + + + + Enabled + + + + + + Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. +If not specified - a new rule is disabled by default. + + + + + + + + + + + + + + + 0 + Disabled + + + 1 + Enabled + + + + + + Status + + + + + Provides information about the specific verrsion of the rule in deployment for monitoring purposes. + + + + + + + + + + + + + + + + Name + + + + + + + + + + + + + + + + + + + + + + + + + DynamicKeywords + + + + + + + + + + + + + + + + + + 99.9.99999 + 1.0 + + + + Addresses + + + + + A list of dynamic keyword addresses for use within firewall rules. Dynamic keyword addresses can either be a simple alias object or fully-qualified domain names which will be autoresolved in the presence of the Microsoft Defender Advanced Threat Protection Service. + + + + + + + + + + + + + + + + + + + + + + + A unique GUID string identifier for this dynamic keyword address. + + + + + + + + + + Id + + + + + + + + \{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\} + + + + + Keyword + + + + + + + A String reprsenting keyword. 
If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). If the AutoResolve value is false, then this can be any identifier string. + + + + + + + + + + + + + + + + + + Addresses + + + + + + + + Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. + Valid tokens include: + A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. + A valid IPv6 address. + An IPv4 address range in the format of "start address - end address" with no spaces included. + An IPv6 address range in the format of "start address - end address" with no spaces included. + + + + + + + + + + + + + + + + + + + Vendor/MSFT/Firewall/MdmStore/DynamicKeywords/Addresses/[Id]/AutoResolve + + + false + AutoResolve False + + + + + + + + + AutoResolve + + + + + + + false + If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. + + + + + + + + + + + + + + + false + AutoResolve False + + + true + AutoResolve True + + + + + ``` + +## Related articles + +[Firewall configuration service provider reference](firewall-csp.md)
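Review bot: under HyperVFirewallRules in this hunk, the Priority node's description is a copy of the Protocol text ("0-255 number representing the IANA Internet Protocol (TCP = 6, UDP = 17). If not specified the default is All.") with AllowedValues [0-255], while the Hyper-V Protocol node keeps the 0-255 protocol description but is given AllowedValues [0-65535]; the two look swapped or mis-pasted, and a protocol number cannot exceed 255, so Priority needs its own description (what the number orders and which end wins) and Protocol should be [0-255] as in the MdmStore FirewallRules node. Second, the Direction node changes the documented default from "If not specified the detault is IN" to "If not specified the detault is OUT" and flips DefaultValue from IN to OUT; because the default direction decides whether an admin-pushed Allow rule opens an inbound listener or an outbound path, please confirm against the CSP behaviour before shipping this change, and fix "detault" in both copies. Third, the Enabled description still says "this value must be set to true" while the new AllowedValues enumerate 0 Disabled and 1 Enabled; align the text with the enumeration (the same applies to the Hyper-V Enabled node). Fourth, InterfaceTypes changes the documented token from "MobileBroadband" to "MBB" with an AllowedValues entry mapping MBB to MobileBroadband; if the CSP accepts only one of these strings, say so, otherwise list both as accepted. Fifth, the Profiles AllowedValues list includes 0x80000000 FW_PROFILE_TYPE_CURRENT, whose own description says it "can be specified only in method calls"; it is not a meaningful value for a policy node and should be removed or marked unsupported, and the 0x2 entry reads awkwardly with "AND FW_PROFILE_TYPE_PRIVATE" glued onto the STANDARD text. Finally, the applicability version 99.9.99999 on RemoteAddressDynamicKeywords, PolicyAppId and DynamicKeywords reads as a placeholder and should be replaced or explicitly called out as preview, and the typos "verrsion" (Status, three places), "reprsenting" (Keyword), "format.." (LocalUserAuthorizedList) and "autoresolved" (Addresses) need fixing.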