Important
Microsoft Defender for Business is now in preview, and will roll out gradually to customers and IT Partners who sign-up here to request it. We will onboard an initial set of customers and partners in the coming weeks and will expand the preview leading up to general availability. Note that preview will launch with an initial set of scenarios, and we will be adding capabilities regularly.
Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
Microsoft Defender for Business (preview) includes firewall policies that help protect your devices from unwanted network traffic. You can use custom rules to define exceptions for your firewall policies. That is, you can use custom rules to block or allow specific connections.
To learn more about firewall policies and settings, see Firewall in Microsoft Defender for Business (preview).
This article describes how to:
- Create a custom rule for a firewall policy
- Edit a custom rule for a firewall policy
- Delete a custom rule
Create a custom rule for a firewall policy
- Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
- Go to Endpoints > Device configuration, and review the list of policies.
- In the Firewall section, select an existing policy, or add a new policy.
- On the Configuration settings step, review the settings. Make any needed changes to Domain network, Public network, and Private network.
- To create a custom rule, follow these steps:
- Under Custom rules, choose + Add rule. (You can have up to 150 custom rules.)
- On the Create new rule flyout, specify a name and description for the rule.
- Select a profile. (Your options include Domain network, Public network, or Private network.)
- In the Remote address type list, select either IP or Application file path.
- In the Value box, specify an appropriate value. Depending on what you selected in step 6d, you might specify an IP address, an IP address range, or an application file path. (See Firewall settings.)
- On the Create new rule flyout, select Create rule.
- On the Configuration settings screen, choose Next.
- On the Review your policy screen, review the changes that were made to firewall policy settings. Make any needed changes, and then choose Create policy.
Edit a custom rule for a firewall policy
- Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
- Go to Endpoints > Device configuration, and review the list of policies.
- In the Firewall section, select an existing policy, or add a new policy.
- Under Custom rules, review the list of rules.
- Select a rule, and then choose Edit. Its flyout opens.
- To edit your custom rule, follow these steps:
- On the Edit rule flyout, review and edit the rule’s name and description.
- Review and if necessary, edit the rule’s profile. (Your options include Domain network, Public network, or Private network.)
- In the Remote address type list, select either IP or Application file path.
- In the Value box, specify an appropriate value. Depending on what you selected in step 6c, you might specify an IP address, an IP address range, or an application file path. (See Firewall settings.)
- Set Enable rule to On to make the rule active. Or, to disable the rule, set the switch to Off.
- On the Edit rule flyout, select Update rule.
- On the Configuration settings screen, choose Next.
- On the Review your policy screen, review the changes that were made to firewall policy settings. Make any needed changes, and then choose Create policy.
Delete a custom rule
- Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
- Go to Endpoints > Device configuration, and review the list of policies.
- In the Firewall section, select an existing policy, or add a new policy.
- Under Custom rules, review the list of rules.
- Select a rule, and then choose Delete. Its flyout opens.
- On the confirmation screen, choose Delete.