Mastering Microsoft 365 Defender by Ru Campbell & Viktor Hedberg

Author: Ru Campbell & Viktor Hedberg
Language: eng
Format: epub
Publisher: Packt
Published: 2023-04-15T00:00:00+00:00


Monitoring WFAS

Intune’s MDM devices running Windows 10 or later with firewall off report applies to Windows 10 and 11 and does exactly what its name suggests. You can find it under Endpoint security | Firewall | MDM devices running Windows 10 or later with firewall off. This page gives you an exportable list of devices, along with firewall status information:

Figure 8.16 – Using the MDM admin center to see devices with WFAS off

You can also use Reports | Firewall | MDM Firewall status for Windows 10 and later in Intune. When you click Generate report, it will start to populate a line-level report of devices and their statuses, which can be exported too.

Moving from Intune to Microsoft 365 Defender, we can get more data about WFAS. Head to Microsoft 365 Defender | Reports | Firewall to view reports on inbound and outbound connections, as well as a tab about connections based on apps and processes.

Lastly, advanced hunting makes firewall analysis possible with the DeviceEvents table. Blocked connections can be found by querying ActionType for values such as FirewallInboundConnectionBlocked, FirewallOutboundConnectionBlocked, and FirewallInboundConnectionToAppBlocked.
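
As an added example (not a query from the book), the following advanced hunting query summarizes the three blocked-connection ActionType values above per device and direction, so that noisy or unusual hosts stand out. The seven-day lookback and the threshold of 20 events are assumptions to tune for your environment:

```kql
// Added example: summarize WFAS blocked connections per device and direction.
let lookback = 7d;      // assumption: adjust to your retention and needs
let minBlocks = 20;     // assumption: noise threshold, tune per environment
DeviceEvents
| where Timestamp > ago(lookback)
| where ActionType in ("FirewallInboundConnectionBlocked",
                       "FirewallOutboundConnectionBlocked",
                       "FirewallInboundConnectionToAppBlocked")
// Collapse the three action types into a simple direction label
| extend Direction = iff(ActionType startswith "FirewallInbound", "Inbound", "Outbound")
| summarize
    Blocks = count(),
    DistinctRemoteIPs = dcount(RemoteIP),
    DistinctLocalPorts = dcount(LocalPort),
    DistinctRemotePorts = dcount(RemotePort),
    // Up to 10 process names per group, where the event records one
    Apps = make_set(InitiatingProcessFileName, 10),
    FirstSeen = min(Timestamp),
    LastSeen = max(Timestamp)
    by DeviceName, Direction, ActionType
| where Blocks >= minBlocks
| order by Blocks desc
```

A device with many inbound blocks spread across many distinct local ports is worth a closer look, while a high outbound count tied to a single app usually points to a rule that needs review.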

This section on WFAS brings us to the end of exploring the features across MDE for securing Windows clients and servers.


