Issue
- I wanted to change firewall settings in Intune for macOS from Enabled to Not Configured so that I can conduct scans and other tests on the macOS devices but it was not working.
- I could not access the macOS firewall settings directly on the macOS device because it still indicated that it was controlled by Intune.
Solution
- For this to work, you need to set the Intune macOS firewall policy to Not Configured and also set the macOS firewall component of the Intune macOS compliance policy to Not Configured.
- Navigate to Intune Admin portal>>>Endpoint Security>>>Firewall>>>click on your created macOS firewall policy>>> click Edit for Configuration Settings and set Firewall, Incoming Connections, and Stealth Mode to Not Configured. Note that, when you set only the Firewall to Not Configured, the rest are set to Not Configured as well.
- Navigate to Intune Admin portal>>>Endpoint Security>>>Device Compliance>>>click on your created macOS compliance policy>>> click on the Properties tab>>> click Edit for Compliance Settings.
- Expand System Security and scroll down to Device Security.
- Set Firewall; Incoming Connections and Stealth Mode to Not Configured.
- Note that when you set only the Firewall to Not Configured, the rest still keep their original configurations of Block and Enable, respectively; which may cause issues.
- To ensure that this is done correctly, set Incoming Connections and Stealth Mode to Not Configured first and then after that you can set the Firewall to Not Configured.
- Once the changes have been completed, sign into the Company Portal application and then allow for the changes to sync from Intune to the device.
- Use the Check Status feature in Company Portal application to force a sync between Intune and the macOS device.
- Reboot after some time if it is taking longer than an hour to reflect on the device.
- When you are able to access and edit the Firewall settings directly on the macOS device, it means you have been successful.