ASD-Blueprint / desktop.gov.au

⛔️ DEPRECATED - Website for Protected Utility

Guidance for setting Network profile type based on network indicators / Trusted Network Connection #169

Open dogborne opened 2 years ago

dogborne commented 2 years ago

Is there any guidance for setting the Network profile type on an Azure Active Directory device from Public to Private? On an Active Directory joined machine this would default to the Domain profile when on the corporate network, but for an AAD joined device it defaults to the Public profile.

At the moment the Public firewall profile is applying when a device is joined to the corporate network.

On the same topic you should also include guidance on how to enable the Firewall reporting feature as part of Defender for Endpoint.

oobedan commented 2 years ago

Hi @dogborne. There's no current guidance on this outside of what is in the ACSC Windows 10 guidance. We are not aware of any out-of-the-box feature to automatically manage the profile based on location for non-AD hybrid devices (Domain Profile). Potentially you could write your own script to manage this via the registry.

Will look into the Firewall reporting feature.

pl4nty commented 2 years ago

@dogborne The Intune team are aware of this issue; the accepted solution for now seems to be PowerShell, like Dan mentioned. Unfortunately the DynamicManagement CSP doesn't support firewall profiles at this time.
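The PowerShell workaround mentioned in the two comments above, as an added example (not code from this thread or from the blueprint): it moves a connection to the Private profile only when two network indicators agree, and drops it back to Public otherwise. The DNS suffix `corp.example.com`, the host `nla.corp.example.com` and the function name `Test-TlsEndpoint` are assumptions made for illustration; it uses the `Set-NetConnectionProfile` cmdlet rather than editing the registry directly.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (constructed, replace with your own):
$TrustedDnsSuffix = 'corp.example.com'      # suffix handed out by corporate DHCP
$TrustedTlsHost   = 'nla.corp.example.com'  # HTTPS host reachable only from inside

function Test-TlsEndpoint {
    # True only if a TLS handshake succeeds AND the server certificate
    # chains to a trusted root and matches $HostName (default validation).
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait(3000)) { return $false }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)   # throws on chain or name failure
        return $true
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

foreach ($net in Get-NetConnectionProfile) {
    # DomainAuthenticated is assigned by Windows itself; leave it alone.
    if ($net.NetworkCategory -eq 'DomainAuthenticated') { continue }

    # Indicator 1: connection-specific DNS suffix. Any DHCP server can
    # supply this value, so it is never sufficient on its own.
    $suffix = (Get-DnsClient -InterfaceIndex $net.InterfaceIndex).ConnectionSpecificSuffix

    # Indicator 2: authenticated TLS endpoint, checked only if suffix matches.
    $trusted = ($suffix -eq $TrustedDnsSuffix) -and (Test-TlsEndpoint $TrustedTlsHost)

    # Fail closed: anything not positively identified goes to Public.
    $wanted = if ($trusted) { 'Private' } else { 'Public' }
    if ("$($net.NetworkCategory)" -ne $wanted) {
        Set-NetConnectionProfile -InterfaceIndex $net.InterfaceIndex -NetworkCategory $wanted
        Write-Output "$($net.Name): $($net.NetworkCategory) -> $wanted"
    }
}
```

The script has to be re-run on every network change (for example from a scheduled task triggered on network connection), otherwise a profile set to Private on the corporate network can persist after the device moves.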

oobedan commented 2 years ago

Firewall reporting feature -> https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-reporting-functionality-for-device-control-and-windows/ba-p/3290601#:~:text=Host%20firewall%20reporting%20in%20Microsoft%20Defender%20for%20Endpoint,firewall%20reports%20in%20the%20Microsoft%20365%20Defender%20portal.

pl4nty commented 1 year ago

This is now supported in the December updates via https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-networklistmanager