Intune Defender Firewall policy Issue


Hi All,

Our organization manages a firewall through Sophos, but the built-in Windows Defender Firewall policy recently became activated in our Intune tenant. We’re unsure how or why this policy was turned on.
Now users are getting popups that Defender Firewall is blocking on all networks.
Our audit logs haven’t provided clues on who enabled the policy. I’ve checked the assignment status and policy definitions.
Has anyone seen issues with Intune Defender policies becoming unexpectedly activated? What troubleshooting steps did you take to determine the root cause?
What impact would be removing the Defender Firewall assignment have on end users? And what’s the best way to prevent this from happening again?
Appreciate any advice from the Intune experts here!

Posted by  Anonymous member in HTMD FB Group

Answers ( 2 )

  1. Replied by Anonymous member

    Sanjay Mittal Already checked those, and nothing out of the ordinary or indication to show what could have enabled the Defender firewall policy

  2. Replied by Sanjay Mittal

    Sophos endpoint security or Sophos firewall? Seems you have enabled Defender for the endpoint, and maybe it is conflicting with Sophos. Ping me in the morning

    Replied by Anonymous member

    Sanjay Mittal, We haven’t activated Defender for Endpoint because it requires a connection or synchronisation with Defender, which hasn’t been enabled yet. Our current security setup involves Sophos endpoint security.

    Replied by Sanjay Mittal

    Anonymous members check the baseline policy of Windows. Somewhere there is a conflict, and Intune will show it. Have you tried to check on Sophos’s login portal?

Leave an answer

Sorry, you do not have permission to answer to this question .