Intune Defender Firewall policy Issue
Question
Hi All,
Our organization manages a firewall through Sophos, but the built-in Windows Defender Firewall policy recently became activated in our Intune tenant. We’re unsure how or why this policy was turned on.
Now users are getting popups that Defender Firewall is blocking appname.services.windows.personal on all networks.
Our audit logs haven’t provided clues on who enabled the policy. I’ve checked the assignment status and policy definitions.
Has anyone seen issues with Intune Defender policies becoming unexpectedly activated? What troubleshooting steps did you take to determine the root cause?
What impact would be removing the Defender Firewall assignment have on end users? And what’s the best way to prevent this from happening again?
Appreciate any advice from the Intune experts here!
Posted by Anonymous member in HTMD FB Group
Answers ( 2 )
Replied by Anonymous member
Sanjay Mittal Already checked those, and nothing out of the ordinary or indication to show what could have enabled the Defender firewall policy
Replied by Sanjay Mittal
Sophos endpoint security or Sophos firewall? Seems you have enabled Defender for the endpoint, and maybe it is conflicting with Sophos. Ping me in the morning
Replied by Anonymous member
Sanjay Mittal, We haven’t activated Defender for Endpoint because it requires a connection or synchronisation with Defender, which hasn’t been enabled yet. Our current security setup involves Sophos endpoint security.
Replied by Sanjay Mittal
Anonymous members check the baseline policy of Windows. Somewhere there is a conflict, and Intune will show it. Have you tried to check on Sophos’s login portal?