Securing Your Server with Windows Defender Firewall with Advanced Security
Windows Defender with Advanced Security is a built-in host firewall that helps secure your server by allowing you to create rules that determine which network traffic is permitted to enter your server from the network and which network traffic your server is allowed to send to the network.
To get started, open the Start Menu and look for the application Windows Defender Firewall with Advanced Security. Click on the application to open it.
1) Right-click on Windows Defender with Advanced Security and go to Properties.
2) Click on the tab Private Profile. Under the Logging section, click Customize.
3) Next to Log dropped packets, switch the setting to Yes. Do the same for Log successful connections.Leave the log file name and size limit as-is.
4) Click OK. Repeat these steps for the Public Profile.
Scope Common Firewall Rules
1) Click on Inbound Rules.
2) Look for the inbound rule you would like to scope. For this article, we will scope the Remote Desktop - User Mode (TCP-In) rule. Double click the firewall rule to open the rule properties.
3) Click on the tab Scope. Under the Remote IP address section, click the ellipses next to These IP addresses, and then click Add.
4) Enter the IP address or subnet you would like to allow access your server over Remote Desktop. Click OK.
5) Click Apply. Your server will now only accept Remote Desktop connections over the specified IP address or subnet.