In this post, we will explore all the firewall policy reports available in Microsoft Intune. The Intune firewall policy reports show detailed information about the firewall status of your managed devices.

For both Windows and macOS devices, you can configure the built-in firewall using the endpoint security Firewall policy in Intune. It is important to configure the firewall policy: if you don’t, users can manage the firewall on their own, which puts the devices at risk.

The Intune firewall policy reports display the firewall status of your managed devices. You can also use these reports to identify devices that have the firewall enabled or disabled. Note that the firewall reports in Intune support only managed devices that run Windows 11 or Windows 10.

Intune offers several reports for users and we are going to cover only the firewall reports in this guide. These reports are very useful in gathering critical statistics about the firewalls, especially when you’re using security policies on the devices.

List of Intune Firewall Policy Reports

Microsoft Intune offers two reports to determine the Firewall status on Windows devices.

  • MDM Firewall status for Windows 10 and later
  • MDM devices running Windows 10 or later with firewall off

We’ll discuss both of these reports in this guide.

MDM Firewall status for Windows 10 and later

You can generate a report to check the MDM firewall status for Windows devices in Intune with these steps:

  • Sign in to the Microsoft Intune admin center.
  • Go to Reports > Firewall > MDM Firewall Status for Windows 10 and later.
  • Click on Generate Report.
MDM Firewall status for Windows 10 and later

When you click on Generate Report, a notification appears in the top right-hand corner with the message “Generating MDM Firewall Status for Windows 10 and later.” It takes a few seconds for Intune to create the firewall status report for all your Windows devices.

The generated report includes the following columns:

  • Device name
  • Firewall status
  • Managed by
  • Device ID
  • OS
  • User name
  • Microsoft Entra ID
  • UPN

Note: When the firewall status report is generated in Intune, you can see the date and time when it was last generated.

MDM Firewall status for Windows 10 and later

Before running the report, you have the option to select the columns that appear in the final report. Click on Columns, choose the ones that you want to include in the report and select Apply. Click Generate again to generate a firewall status report with updated columns.

MDM Firewall status Report in Intune

Firewall Status Details

After you run the firewall status report in Intune, the Firewall Status column shows the actual state of the firewall. The table below, provided by Microsoft, explains what each status value means.

| MDM Firewall Status | Description |
| --- | --- |
| Enabled | The firewall is on and successfully reporting |
| Disabled | The firewall is turned off |
| Limited | The firewall isn’t monitoring all networks, or some rules are turned off |
| Temporarily Disabled (default) | The firewall is temporarily not monitoring all networks |
| Not Applicable | The device doesn’t support firewall reporting |

MDM Firewall Status details

MDM devices running Windows 10 or later with firewall off

The report “MDM devices running Windows 10 or later with firewall off” shows the MDM devices that have the firewall turned off. This report is located in the endpoint security node in the Intune admin center. The firewall status data is reported through the Windows DeviceStatus CSP and identifies each device where the firewall is off.

Open the Microsoft Intune admin center, and then go to Endpoint security > Firewall > MDM devices running Windows 10 or later with firewall off. Look for the Firewall status column, which indicates the status of the firewall on each device.

MDM devices running Windows 10 or later with firewall off

In addition to the Firewall status, the following details are also included:

  • Device name
  • Firewall status
  • User principal name
  • Target (The method of device management)
  • Last check in time

If you go to Endpoint security > Firewall and choose the Summary tab, you can quickly find the count of Windows devices that have the firewall turned off. The Summary also displays a list of your Firewall policies, including the name, type, whether it’s assigned, and when it was last modified.

Intune Devices with firewall turned off

After you have identified the devices that do not have their firewalls turned on, you can use Intune to either create a new endpoint security firewall policy or modify an existing one to ensure that the firewall is turned on.

Turn on Firewall in Windows Firewall Policy in Intune

Export Firewall Status Report in Intune

If you have multiple Windows devices that show their firewall status as unhealthy, you can export them to a .csv file in Intune. Go to Endpoint security > Firewall and select MDM devices running Windows 10 or later with firewall off. Select the devices with the firewall turned off and click on the Export option.

Export Firewall Status Report in Intune

The following message is displayed: “This will export all selected columns and rows with filters applied to a compressed comma-separated values (.csv) file. Do you want to continue?”

Select Yes to continue. The browser then downloads the firewall status report as a zip file, which you’ll have to extract to a folder. The extracted report contains a list of device names and their firewall status.

Export Firewall Status Report in Intune

You can also export the MDM firewall status report from the Reports > Firewall node in the Intune admin center. All you need to do is click on the Export button and select Yes to confirm the export. The browser downloads the firewall status report as a zip file, and you must extract its contents into a folder. The firewall status report is a .csv file and can be viewed with the Microsoft Excel application.

Export MDM Firewall Status Report in Intune
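
As an added example (not part of the original guide or any Microsoft tooling), the following Python sketch reads the exported zip directly and sorts devices into buckets using the status values from the table above. It assumes the CSV headers correspond to the "Device name" and "Firewall status" columns listed earlier; the file name and sample rows are constructed for illustration.

```python
import csv
import io
import zipfile
from collections import defaultdict

# Status values from the "MDM Firewall Status details" table on this page.
BUCKETS = {
    "enabled": "healthy",
    "disabled": "at_risk",
    "limited": "at_risk",
    "temporarily disabled": "at_risk",
    "not applicable": "no_data",
}

def _key(header):
    """Normalize a header so 'Device name' and 'DeviceName' compare equal."""
    return "".join(ch for ch in header.lower() if ch.isalnum())

def triage_export(zip_bytes):
    """Group (device, status) pairs from an exported report zip by bucket."""
    buckets = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if n.lower().endswith(".csv")]
        if not names:
            raise ValueError("no .csv file found in the export")
        # utf-8-sig drops a byte-order mark if the export carries one.
        text = zf.read(names[0]).decode("utf-8-sig")
    for row in csv.DictReader(io.StringIO(text)):
        fields = {_key(k): (v or "").strip() for k, v in row.items() if k}
        status = fields.get("firewallstatus", "")  # assumed header name
        # Drop a trailing qualifier such as "(default)" before matching.
        base = status.split("(")[0].strip().lower()
        # Unknown or blank values are surfaced, never silently dropped.
        buckets[BUCKETS.get(base, "unrecognized")].append(
            (fields.get("devicename", "?"), status))
    return dict(buckets)

def build_sample_export():
    """Constructed sample data, not a real Intune export."""
    rows = ("\ufeffDevice name,Firewall status,UPN\r\n"
            "LAB-PC-01,Enabled,user1@example.com\r\n"
            "LAB-PC-02,Disabled,user2@example.com\r\n"
            "LAB-PC-03,Temporarily Disabled (default),user3@example.com\r\n"
            "LAB-PC-04,Limited,user4@example.com\r\n"
            "LAB-PC-05,Not Applicable,user5@example.com\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FirewallStatus.csv", rows)  # constructed file name
    return buf.getvalue()
```

To use it on a real export, pass the bytes of the downloaded zip to `triage_export` and review the `at_risk` and `unrecognized` buckets first.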

Troubleshooting Firewall Policy issues

In most organizations, you’ll find a few Windows devices whose firewall status is unhealthy. There could be several reasons why the firewall does not accept policies and settings initiated through Intune. For example, if a firewall policy targets an incorrect rule, subsequent policy rules may fail to process. As a result, you will need to troubleshoot these issues using Intune logs.

We’ll publish a separate guide on common firewall issues and troubleshooting issues related to the firewall rules for Intune. Until then, keep visiting this site for more such useful guides.

Prajwal Desai

Prajwal Desai is a technology expert and 10-time Dual Microsoft MVP (Most Valuable Professional) with a strong focus on Microsoft Intune, SCCM, Windows 365, Enterprise Mobility, and Windows. He is a renowned author, speaker, and community leader, known for sharing his expertise and knowledge through his blog, YouTube, conferences, webinars, etc.