Configure Firewall rules to allow reusable settings with Windows Defender

We can configure Windows Defender firewall to allow reusable group settings to devices and these capabilities will provide more controls to configure firewall and reuse the settings across policies. Remote IP Address ranges & Fully Qualified Domain name definitions and auto-resolution properties in the groups can be used across policies and it’s supported for Windows 10, Version 20H2+, and Windows 11.

Prerequisite for FQDN feature

  • Microsoft Defender Antivirus must be running 4.18.2209.7 or later version.
  • Network Protection should be in block or audit mode.
  • DNS over HTTPS (DoH) should be disabled on Edge, Chrome & Firefox browsers.
  • The device’s default DNS resolution settings apply.

You can now see the configure reusable settings under endpoint security firewall pane and it will display existing groups and firewall policies using the groups. Create a new reusable setting and provide name & description and properties. You can include remote IP ranges or import the file. Also, fully qualified domain names (FQDNs) can be used in the rule definition and the keyword field should be fully qualified domain name if you set Auto-Resolve flag to true and IP address will be automatically resolved.

Devices which you are going to apply policies should have Microsoft Defender Antivirus as primary and network protection enabled or else, you will not be able to enforce FQDN keywords and up to 100 properties can be added in the group. Once reusable setting group created, it will show in the reusable settings groups list and admin can edit the group properties at any time.

You can see existing reusable settings group by clicking “Set reusable settings” while creating Firewall rule policy and you can add one or more groups. It applies to Windows 10, version 20H2+ or Windows 11.

You can create firewall rules and their properties and reference groups, and it can be mixed with other rules that reference reusable groups, have manual definition within policy, or both. This will help to manage easily when configuring many firewall rules.

Reusable groups can be added or removed by editing firewall rules. If you add, remove or alter reusable groups, firewall policies inheriting its group properties will also inherit the changes.

Share:

Facebook
Twitter
LinkedIn
Picture of Karthick Jokirathinam

Karthick Jokirathinam

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 028
Cyber Security

WME Security Briefing 27 September 2024

DragonRank SEO Manipulation Campaign Targeting IIS Servers Across Asia and Europe Overview A cyber espionage campaign is targeting IIS servers in several countries across Asia and Europe. The DragonRank campaign emanates from a simplified Chinese-speaking actor and specializes

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=