BigFix Client Compliance Windows IPSec Framework

The documentation on this is pretty sparse with regards to prerequisites. Can I assume that Windows Firewall needs to be totally unmanaged in every way for this to work (in other words, no GPOs, and no 3rd party AV)?

We were hoping we could just quarantine an endpoint on demand, and then take it out of quarantine when issues have been remediated.

As it stands, ID 2012 (Quarantine - Automatically Quarantine New Clients - …) is the only fixlet showing relevant. Deploying it returns a status of Fixed, yet the endpoint still has full network access. The logs show Exit Code=1 for all entries even though we disabled our 3rd party AV firewall to allow use of the Windows Firewall.

I’m wondering how others manage this option since it’s probably a given that companies are going to a managed Windows firewall… For some reason I thought you could manipulate just IPSec and not use the Windows FW in the first place.
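Before digging into the Exit Code=1 entries, the first thing to establish is the local state the question is really asking about: is the Windows Firewall service running, are the profiles enabled, and is the firewall/IPsec policy being supplied by Group Policy rather than being locally manageable? The following PowerShell snippet is an added read-only check, not code from the original post, from BigFix, or from the Client Compliance framework; it uses the built-in NetSecurity module cmdlets (Get-NetFirewallProfile, Get-NetFirewallRule, Get-NetIPsecRule), and the output wording and the helper function name are this example's own.

```powershell
# Added example: report whether the Windows Firewall / IPsec stack is
# enabled and locally manageable on this endpoint. Read-only; it changes
# nothing. Run in an elevated PowerShell session on the endpoint.

function Get-LocalFirewallManageability {
    # Base Filtering Engine and Windows Defender Firewall service must be running
    $services = Get-Service -Name BFE, MpsSvc | Select-Object Name, Status

    # Per-profile enabled state as currently applied (ActiveStore)
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

    # RSOP shows what Group Policy is pushing; any rows here mean a GPO
    # is managing firewall settings and local changes may be overridden.
    $gpoProfiles = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue |
        Select-Object Name, Enabled

    # Count rules by where they came from: Local vs GroupPolicy
    $gpoFwRules   = @(Get-NetFirewallRule -PolicyStoreSourceType GroupPolicy -ErrorAction SilentlyContinue).Count
    $localFwRules = @(Get-NetFirewallRule -PolicyStoreSourceType Local       -ErrorAction SilentlyContinue).Count

    # IPsec connection security rules, which a quarantine mechanism built on
    # IPsec would need to be able to add and remove
    $ipsecRules = Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Enabled, PolicyStoreSourceType

    [pscustomobject]@{
        Services            = $services
        ActiveProfiles      = $profiles
        GpoManagedProfiles  = $gpoProfiles
        GpoFirewallRules    = $gpoFwRules
        LocalFirewallRules  = $localFwRules
        IPsecRules          = $ipsecRules
        # Heuristic, not a BigFix rule: policy is considered "locally manageable"
        # only when no GPO-sourced profile settings or rules are present.
        LocallyManageable   = (($gpoProfiles | Measure-Object).Count -eq 0 -and $gpoFwRules -eq 0)
    }
}

# Usage: print the summary, then the detail tables
$state = Get-LocalFirewallManageability
$state | Select-Object GpoFirewallRules, LocalFirewallRules, LocallyManageable | Format-List
$state.Services       | Format-Table -AutoSize
$state.ActiveProfiles | Format-Table -AutoSize
$state.IPsecRules     | Format-Table -AutoSize
```

If MpsSvc is stopped, a profile shows Enabled=False, or GpoFirewallRules is non-zero, any agent-driven change to firewall or IPsec rules on that host is either ineffective or will be reverted at the next policy refresh, which is worth ruling out before treating a Fixed status as proof that the endpoint was actually isolated.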