This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. The recommended state for this setting is: No. Rationale: Users with administrative privileges might create firewall rules that expose the system to remote attack. Impact: Administrators can still create local connection security rules, but the rules will not be applied.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Block: To access the Device Configuration Policy from the Intune Home page: Click Devices Click Configuration profiles Click Create profile Select the platform (Windows 10 and later) Select the profile (Endpoint protection) Click Create Enter a Name Click Next Configure the following Setting Path: Endpoint protection/Microsoft Defender Firewall/Public (non-discoverable) network Setting Name: Microsoft Defender Firewall rules from the local store Configuration: Block Select OK Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.) Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy. Default Value: Yes (default). (Local connection security rules created by administrators will be applied.)