1
00:00:00,840 --> 00:00:03,140
Windows Defender Firewall.

2
00:00:03,140 --> 00:00:05,520
Well, if you've been a Microsoft specialist for a while,

3
00:00:05,520 --> 00:00:09,230
you've seen that the built‑in software firewall in Windows

4
00:00:09,230 --> 00:00:11,730
client and Windows Server has come a long way.

5
00:00:11,730 --> 00:00:16,190
We're talking about a host‑based firewall that is baked into the Windows

6
00:00:16,190 --> 00:00:21,880
OS manageable via Group Policy that allows us to create inbound and

7
00:00:21,880 --> 00:00:26,500
outbound traffic security rules. And the three templates that we have at

8
00:00:26,500 --> 00:00:28,940
our disposal are program‑based rules,

9
00:00:28,940 --> 00:00:32,550
port‑based rules, or custom rules, custom being the

10
00:00:32,550 --> 00:00:35,420
preferred to give you the maximum flexibility.

11
00:00:35,420 --> 00:00:39,670
One principle of Defender Firewall is the location

12
00:00:39,670 --> 00:00:43,660
profile, and this gives the firewall some flexibility in

13
00:00:43,660 --> 00:00:47,460
terms of when you're on a laptop, say a corporate laptop,

14
00:00:47,460 --> 00:00:49,520
when you're connected to the domain,

15
00:00:49,520 --> 00:00:54,360
the domain profile will be active. Then, otherwise, if you connect to say

16
00:00:54,360 --> 00:00:58,080
your home network for the first time, you get that dialog, do you want to

17
00:00:58,080 --> 00:01:03,060
enable sharing on this device? And that decision, you can always change it

18
00:01:03,060 --> 00:01:07,830
later, would be determining whether you'll use private or public for those

19
00:01:07,830 --> 00:01:09,740
new network connections.

20
00:01:09,740 --> 00:01:10,270
So again,

21
00:01:10,270 --> 00:01:14,400
this allows Windows Defender Firewall to maintain separate rule

22
00:01:14,400 --> 00:01:17,640
sets for A, your Active Directory domain,

23
00:01:17,640 --> 00:01:23,530
B, your private networks, for example, your home LAN, and C, public networks.

24
00:01:23,530 --> 00:01:27,330
This would be, for instance, if you go to the coffee shop or you're

25
00:01:27,330 --> 00:01:31,710
in an airport and some untrusted public network. That would, of

26
00:01:31,710 --> 00:01:34,640
course, have very strict rules by default.

27
00:01:34,640 --> 00:01:35,160
As I said,

28
00:01:35,160 --> 00:01:39,640
we can most commonly centrally control Windows Defender

29
00:01:39,640 --> 00:01:43,240
Firewall using Group Policy. No surprises there.

30
00:01:43,240 --> 00:01:45,980
There is a flag that you can flip,

31
00:01:45,980 --> 00:01:50,670
so to speak, in Windows Defender Firewall that Microsoft calls shields up

32
00:01:50,670 --> 00:01:55,230
mode, and this is a way to help mitigate active attacks.

33
00:01:55,230 --> 00:02:00,300
It's a control in the Windows Defender Firewall UI, or user interface,

34
00:02:00,300 --> 00:02:05,440
that will immediately block all new incoming connections.

35
00:02:05,440 --> 00:02:10,590
So it's a way that's analogous to unplugging the system, so to speak.

36
00:02:10,590 --> 00:02:13,330
In other words, by flipping shields up mode,

37
00:02:13,330 --> 00:02:17,240
you're preventing any new incoming network connections.

38
00:02:17,240 --> 00:02:22,850
Here's a screenshot of in the foreground we have the old‑fashioned Defender

39
00:02:22,850 --> 00:02:27,290
Firewall control panel, and then in the background we have the Windows

40
00:02:27,290 --> 00:02:31,210
Defender Firewall with Advanced Security MMC console.

41
00:02:31,210 --> 00:02:33,300
And as you can see on the left side there,

42
00:02:33,300 --> 00:02:34,570
you've got your Inbound,

43
00:02:34,570 --> 00:02:41,000
your Outbound Rules. Then you've got your Connection Security Rules that we'll learn about next.