Windows Firewall
Intune: Windows Firewall Domain - Default Inbound Block
Windows Firewall Domain: Default inbound action = BLOCK - whitelist approach (explicit allow rules ONLY).
Intune: Windows Firewall Domain - Disable Inbound Notifications
Disable firewall inbound notifications op Domain profile - voorkomt notification fatigue (corporate network = many blocked connections = noise).
Intune: Windows Firewall Domain - Log Dropped Packets
Log dropped packets in Windows Firewall Domain profile - visibility into BLOCKED traffic (attack detection: port scans, lateral movement attempts).
Intune: Windows Firewall Domain - Log Successful Connections
Log successful firewall connections - audit trail of ALLOWED traffic (forensics: 'which system accessed what?').
Intune: Windows Firewall Domain Profile Enabled
Enable Windows Firewall Domain Profile - CRITICAL lateral movement defense (Zero Trust: don't trust corporate network).
Schakel In Domain Network Firewall Loggen Dropped Packets Is Set To Yes
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Intune: Windows Firewall Domain - Configure Log File Path
Configure Windows Firewall Domain log file path - default: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log (CIS standard location).
Intune: Windows Firewall Domain Log Size
Windows Firewall Domain log max size = 16MB+ (CIS: 16384 KB minimum) - adequate retention voor incident investigation.
Schakel In Domain Network Firewall Loggen Successful Connections Is Set To Yes
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Standaard Inbound Action Voor Private Profile Is Set To Block
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Schakel Uit Inbound Notificaties Is Set To True
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Schakel In Loggen Dropped Packets Is Set To Yes Schakel In Logging Of Dropped Packets
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Schakel In Loggen Success Connections Is Set To Schakel In Logging Of Successful Connections
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Is Set To True
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Loggen Dropped Packets Is Set To Yes
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Loggen File Path Is Set To Systemroot System32 Logfiles Firewall Privatefw Log
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Schakel In Private Network Firewall Loggen Max File Size Is Set To 16 384 Kb Of Greater
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Intune: Windows Firewall Public - Block Local IPsec Policy Merge
Block local IPsec policy merge on Public profile - prevents local admins from weakening firewall (centralized control ONLY).
Intune: Windows Firewall Public - Block Local Firewall Rule Merge
Block local firewall rule merge on Public profile - prevents local admins/malware from adding firewall exceptions (centralized control ONLY).
Intune: Windows Firewall Public - Default Inbound Block
Windows Firewall Public: Default inbound = BLOCK ALL - strictest setting (public WiFi = zero trust).
Intune: Windows Firewall Public - Disable Inbound Notifications
Disable inbound firewall notifications on Public profile - prevents user notification spam (public WiFi = many blocked connections).
Intune: Windows Firewall Public - Log Dropped Packets
Log dropped packets in Public profile - **CRITICAL** attack visibility on public WiFi (airport, hotel networks = hostile).
Intune: Windows Firewall Public - Log Successful Connections
Log successful Public firewall connections - audit trail of allowed traffic on public WiFi (forensics: 'what did laptop access on hotel WiFi?').
Intune: Windows Firewall Public Profile Enabled
Enable Windows Firewall Public Profile - **CRITICAL** defense voor public WiFi (airport, hotel, coffee shop = hostile networks).
Schakel In Public Network Firewall Loggen Dropped Packets Is Set To Yes
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Intune: Windows Firewall Public - Configure Log File Path
Configure Public firewall log path - standard: %SystemRoot%\System32\LogFiles\Firewall\publicfw.log (separate from Domain log).
Schakel In Public Network Firewall Loggen Max File Size Is Set To 16 384 Kb Of Greater
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Domain State
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Windows Firewall Ingeschakeld Op Alle Profielen
Windows firewall moet ingeschakeld zijn op ALLE drie netwerk profielen (Domain, Private, Public) om inbound Netwerk aanvallen te blokkeren, ongeautoriseerde remote access te voorkomen, en malware lateral movement te beperken ongeacht de netwerk locatie van het device.
Firewall Inbound Standaard Block
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Logging Ingeschakeld
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Outbound Standaard Allow
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Private State
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Public State
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Firewall Unicast Response Multicast
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.