Export Intune Firewall Status Report

In this blog post, I will demonstrate how to check and export the Intune Firewall Policy report. Enabling the firewall on Windows and macOS computers is important for maintaining the security of the OS. Its default security rules filter incoming and outgoing network traffic to prevent malicious programs from accessing sensitive data or exploiting vulnerabilities.

When there are thousands of computers managed by Intune, it’s impossible to check the firewall status on each computer manually. Thankfully, Intune collects this data and provides it in the Intune admin center. You can find out which MDM devices have the firewall turned off, export the list of those devices, and take action accordingly, e.g., turning on the firewall. Let’s explore all the firewall-related reporting capabilities in the Intune admin center.

MDM Devices with Firewall turned Off

The first step is to identify the devices on which the firewall is turned off. These devices need immediate attention and should be addressed first. To find out which MDM devices have the firewall turned off, follow the steps below:

  • Sign in to Intune admin center > Endpoint security > Firewall > MDM devices running Windows 10 or later with firewall off.

The screenshot below shows that there are no devices in the list, as all the devices in my organization are compliant and have the firewall enabled and turned on. If you find devices listed on this page, these are the devices on which the firewall is not switched on. Along with the firewall status, you will also get the details below about the devices:

  • Firewall status
  • Device ID
  • Device name
  • Last check in time

Click on the Export button to export the list of devices into a CSV file.

Export MDM Firewall Status Report

In the Intune admin center, you can also export the firewall status for all Intune-managed devices. There is a dedicated Reports page where you can find reports related to Endpoint security, including Firewall. Let’s check the steps:

  • Click on Generate Report to generate a report on the page which shows the firewall status. Along with the firewall status, you will also find the information below on the screen. You can click on the Columns drop-down to select the columns you want to display.
    • Device name
    • Device ID
    • Firewall status
    • OS
    • User Name
    • Microsoft Entra ID
    • UPN
    • Managed by
  • Clicking on Export will export this report into a CSV file. Please note that once you have generated the report, the button to generate the report will change to Generate again. You can click on this button to refresh the columns and get the updated firewall status of Windows devices.
MDM Firewall Status for Windows 10 and later

Firewall Status Information

You can find different firewall statuses apart from the Enabled status. If it’s Enabled, it means that the firewall is working as expected. Below are the firewall statuses and their details:

  • Enabled – The firewall is on, and successfully reporting.
  • Disabled – The firewall is turned off.
  • Limited – The firewall isn’t monitoring all networks, or some rules are turned off.
  • Temporarily Disabled (default) – The firewall is temporarily not monitoring all networks.
  • Not applicable – The device doesn’t support firewall reporting.
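
Once the report is exported, the CSV can be triaged with a short script. The PowerShell below is an added example, not part of the original post or a Microsoft script: it sorts devices into a remediation list using the status values listed above. The header names, sample rows, priority order and output file name are assumptions; adjust the header names to match the header row of your export.

```powershell
# Added example: triage an Intune firewall status export.
# ASSUMPTION: header names mirror the column labels listed in the post;
# change the two variables below to match the header row of your real export.
$StatusColumn = 'Firewall status'
$NameColumn   = 'Device name'
$Path         = $null   # set to the exported CSV path; $null uses the sample below

# Remediation order based on the status descriptions in the post (1 = fix first).
$priority = @{
    'Disabled'             = 1   # firewall is turned off
    'Temporarily Disabled' = 2   # temporarily not monitoring all networks
    'Limited'              = 3   # not all networks monitored, or rules turned off
}
$noAction = @('Enabled', 'Not applicable')

# Constructed sample rows, not real devices.
$sample = @'
Device name,Device ID,Firewall status,UPN
PC-001,11111111-0000-0000-0000-000000000001,Enabled,user1@example.com
PC-002,11111111-0000-0000-0000-000000000002,Disabled,user2@example.com
PC-003,11111111-0000-0000-0000-000000000003,Limited,user3@example.com
PC-004,11111111-0000-0000-0000-000000000004,Temporarily Disabled,user4@example.com
PC-005,11111111-0000-0000-0000-000000000005,Not applicable,user5@example.com
PC-006,11111111-0000-0000-0000-000000000006,,user6@example.com
'@

$rows = @(if ($Path) { Import-Csv -Path $Path } else { $sample | ConvertFrom-Csv })
if ($rows.Count -and -not ($rows[0].PSObject.Properties.Name -contains $StatusColumn)) {
    throw "Column '$StatusColumn' not found; check the export's header row."
}

$triaged = foreach ($row in $rows) {
    # Normalise whitespace and a trailing "(default)" marker before matching.
    $status = ("$($row.$StatusColumn)" -replace '\s*\(default\)\s*$', '').Trim()
    if ($noAction -contains $status) { continue }
    [pscustomobject]@{
        # Blank or unrecognised statuses get priority 9 so they are reviewed by hand.
        Priority = if ($priority.ContainsKey($status)) { $priority[$status] } else { 9 }
        Device   = $row.$NameColumn
        Status   = if ($status) { $status } else { '(blank)' }
    }
}

# Fleet-wide count per status, then the remediation list, most urgent first.
$rows | Group-Object -Property $StatusColumn -NoElement | Sort-Object Count -Descending | Format-Table -AutoSize
$triaged | Sort-Object Priority, Device | Format-Table -AutoSize
$triaged | Sort-Object Priority, Device | Export-Csv -Path .\firewall-remediation.csv -NoTypeInformation
```

With the sample rows, PC-002 (Disabled) comes first, followed by PC-004, PC-003 and the blank-status PC-006; Enabled and Not applicable devices are left out of the remediation list.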
