🎯 Purpose
✅ Enforce a baseline Windows Firewall posture for all Windows devices, aligned to Essential Eight – Network Protection (IBP / Maturity Level 1).
➡️ This policy ensures Windows Defender Firewall is always enabled with secure defaults across all network types.
👥 Who is affected
✅ Devices: All Windows 10 / 11 devices
🚫 Exclusions: None
➡️ Every Windows device receives the same firewall baseline. No exceptions.
☁️ What network access is protected
✅ Firewall profiles: Domain, Private, Public
✅ Traffic direction: Inbound and outbound
✅ Networks: Corporate, home, and public/untrusted networks
➡️ All network traffic is filtered by Windows Defender Firewall.
🔐 How firewall protection is enforced
✅ Firewall enabled on all profiles
✅ Default inbound traffic blocked
✅ Default outbound traffic allowed
✅ Stealth mode enabled (no response to unsolicited probes)
✅ Legacy stateful FTP disabled
✅ Local firewall and IPsec policy merges blocked on Public networks
✅ Dropped and successful connections logged
➡️ Devices are protected by default, even on untrusted networks, with no local bypass.
ℹ️ Note: Preventing local policy merges on Public networks stops users or attackers from weakening firewall rules while roaming.
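🧪 Added example (not part of the original policy): a read-only PowerShell check that compares a device's effective firewall state with the settings listed above. The function name `Test-FirewallBaseline` is hypothetical, and stealth mode is not checked because these cmdlets do not expose it.

```powershell
# Added example: audit the effective firewall state against the baseline above.
# Run on the Windows device being checked. Read-only; nothing is changed.

function Test-FirewallBaseline {   # hypothetical name, not from the policy
    $findings = @()

    # ActiveStore is the merged policy actually in force on this device.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        # Expected values taken from the enforcement list in this document.
        $expected = [ordered]@{
            Enabled               = 'True'
            DefaultInboundAction  = 'Block'
            DefaultOutboundAction = 'Allow'
            LogAllowed            = 'True'
            LogBlocked            = 'True'
        }
        # Local firewall/IPsec rule merge is blocked on the Public profile only.
        if ($p.Name -eq 'Public') {
            $expected.AllowLocalFirewallRules = 'False'
            $expected.AllowLocalIPsecRules    = 'False'
        }
        foreach ($setting in $expected.Keys) {
            $actual = "$($p.$setting)"   # enum value -> string for comparison
            $findings += [pscustomobject]@{
                Profile   = $p.Name
                Setting   = $setting
                Expected  = $expected[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $expected[$setting])
            }
        }
    }

    # Stateful FTP is a global firewall setting, not a per-profile one.
    $ftp = "$((Get-NetFirewallSetting -PolicyStore ActiveStore).EnableStatefulFtp)"
    $findings += [pscustomobject]@{
        Profile = 'Global'; Setting = 'EnableStatefulFtp'
        Expected = 'False'; Actual = $ftp; Compliant = ($ftp -eq 'False')
    }
    $findings
}

$result = Test-FirewallBaseline
$result | Format-Table -AutoSize
if ($result.Compliant -contains $false) {
    Write-Warning 'Device deviates from the firewall baseline.'
}
```

Any row with `Compliant = False` names the profile and setting that differs from the baseline, which is the starting point for checking policy assignment on that device.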
⚙️ What this policy does NOT enforce
🚫 Application‑specific firewall rules
🚫 Network segmentation policies
🚫 Conditional Access decisions
🚫 VPN enforcement
➡️ These controls are handled by separate IBP security policies.
🟢 Policy status
✅ Enabled
✅ Assigned to all devices
✅ Actively enforcing firewall protection
📘 Essential Eight Alignment
✅ Meets Essential Eight – Network Protection (Maturity Level 1)
✅ Host‑based firewall enabled
✅ Default‑deny inbound posture enforced
✅ Logging enabled for visibility and incident response
ℹ️ More granular rule control and monitoring are addressed in Maturity Levels 2 and 3
📘 Practical Interpretation (Executive‑Friendly)
This firewall policy ensures that:
✅ Every Windows device
✅ Blocks unsolicited inbound network traffic
✅ Allows outbound traffic by default
✅ Enforces the strongest controls on public networks
✅ Logs network activity for security visibility
This establishes a safe, low‑noise, enterprise‑ready firewall baseline suitable for Initial Baseline Protection and provides a clear foundation for uplift to higher Essential Eight maturity levels.



