Can we block certain ports and IP's via Intune which may be vulnerable on open network like Wi-Fi and other public networks when end users are connecting their work devices to it?

@Vinod Survase, Thanks for posting in Q&A. In Intune, we can only configure firewall policy to set firewall rule to block ports or IP address on windows device. Here is a link for your reference:

https://video2.skills-academy.com/en-us/mem/intune/protect/endpoint-security-firewall-profile-settings

However, it's important to note that blocking certain ports and IPs may impact the functionality of certain apps or services. It's recommended to thoroughly test any changes before implementing them in a production environment.

Meanwhile, based on my researching, I find some articles describe we can control mobile device access to corporate resources using Conditional Access based on risk assessment. You can read them to see if they can help on your scenario:

• Better Mobile Threat Defense connector with Intune
• Sophos Mobile Threat Defense connector with Intune
• Use BlackBerry Protect Mobile with Intune
• Pradeo Mobile Threat Defense connector with Intune

Hope the above information can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.