Automate firewall changes with XOAP

Keeping up with firewall changes is tough when cloud services constantly shift. XOAP makes it easier by automating the whole process.
Mario

Managing firewall configurations in hybrid or cloud environments isn’t just about setting a few static rules anymore. With services like Microsoft 365, Intune and Azure AD constantly changing, adding new endpoints, IP ranges and updates, keeping up can be tough.

Without automation, managing firewalls becomes a heavy task, increases security risks, and slows things down. This is where XOAP makes a real difference. It turns firewall management into a fully automated, secure and scalable process using Config as Code.

The problem without automation

The Intune Connector for Active Directory requires outbound communication to various Microsoft cloud services to function properly. However, in legacy environments, this can present some challenges:

  • No wildcard support in the firewall (no *.microsoft.com)
  • No Application Control feature available
  • Only specific IP addresses or FQDNs can be configured
  • Firewall rules must be maintained manually

Automating firewall changes: Technical approach

Manage your entire firewall configuration lifecycle as code:

  • Store configurations centrally
  • Versioning & GitOps integration
  • Multi-environment & multi-tenant ready
  • Automatic deployment across systems
  • Compliance & drift detection

Extend your configuration management with dynamic execution:

  • Execute PowerShell scripts or CLI commands
  • Across any Azure connection or subscription
  • On-demand or fully automated via pipeline
  • With parameter injection and dynamic data handling

Typical architecture for firewall automation with XOAP

Step 1: Retrieve the latest Microsoft endpoint data. A PowerShell script (scripted action) calls the Microsoft Endpoint API for IP ranges.

Step 2: Update the firewall configuration. The latest IPs are injected into the configuration template, which is stored in XOAP.

Step 3: Deploy the configuration. XOAP pushes the configuration to the target firewalls (local, cloud, hybrid).

Step 4: Execute a scripted action. PowerShell or CLI commands apply the settings directly against Azure Firewall, NSGs or third-party appliances.

Step 5: Continuous compliance monitoring. XOAP detects drift and automatically reapplies the configuration if necessary.
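
As an added example (not XOAP's own code), here is how the data from Step 1 can be turned into a reviewable change plan for Step 2 on a firewall without wildcard support. The JSON sample is constructed, its field names (`urls`, `ips`, `required`) are assumed to follow the Microsoft 365 endpoint web service, and `ConvertTo-FirewallAllowList` is a hypothetical helper.

```powershell
# Constructed sample; field names (urls, ips, required) are assumed to follow
# the Microsoft 365 endpoint web service JSON. Hosts and ranges are documentation values.
$sampleJson = @'
[
  {"id": 1, "urls": ["login.example.test", "*.manage.example.test"],
   "ips": ["192.0.2.0/24", "2001:db8::/32"], "tcpPorts": "443", "required": true},
  {"id": 2, "urls": ["enroll.example.test"],
   "ips": ["198.51.100.0/25"], "tcpPorts": "80,443", "required": true},
  {"id": 3, "urls": ["optional.example.test"], "tcpPorts": "443", "required": false}
]
'@

# Hypothetical helper: turns endpoint records into a change plan for the rule template.
function ConvertTo-FirewallAllowList {
    param(
        [Parameter(Mandatory)] [object[]] $Endpoints,
        [string[]] $CurrentIps = @()   # ranges in the currently deployed rule set
    )
    # Keep only endpoints marked as required, then flatten and de-duplicate.
    $required = @($Endpoints | Where-Object { $_.required })
    $urls = @($required | ForEach-Object { $_.urls } | Where-Object { $_ } | Sort-Object -Unique)
    $ips  = @($required | ForEach-Object { $_.ips }  | Where-Object { $_ } | Sort-Object -Unique)

    [pscustomobject]@{
        # Exact FQDNs can go straight into the rule set.
        Fqdns     = @($urls | Where-Object { -not $_.Contains('*') })
        # Wildcards cannot be expressed on this firewall; surface them for review.
        Wildcards = @($urls | Where-Object { $_.Contains('*') })
        IPv4      = @($ips | Where-Object { -not $_.Contains(':') })
        IPv6      = @($ips | Where-Object { $_.Contains(':') })
        # Diff against the deployed set so every change is explicit and auditable.
        ToAdd     = @($ips | Where-Object { $_ -notin $CurrentIps })
        ToRemove  = @($CurrentIps | Where-Object { $_ -notin $ips })
    }
}

$current = @('192.0.2.0/24', '203.0.113.0/24')   # constructed deployed state
$plan = ConvertTo-FirewallAllowList -Endpoints ($sampleJson | ConvertFrom-Json) -CurrentIps $current
$plan | Format-List
if ($plan.Wildcards) {
    Write-Warning "Wildcard FQDNs need manual handling: $($plan.Wildcards -join ', ')"
}
```

`ToRemove` deserves the same review as `ToAdd`: a range that is no longer published stays an open outbound path until its rule is withdrawn.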

Why XOAP for firewall automation

XOAP makes it easier to manage and automate firewall changes with a powerful set of features that work well together. To start, Configuration as Code helps keep your firewall setups consistent and simple to update. Then, GitOps integration takes care of automating change processes, making updates smoother and less likely to cause issues.

On top of that, Scripted Actions let you run PowerShell or CLI commands across any Azure connection or subscription, giving you a lot of flexibility. Plus, with its multi-tenant architecture, you can easily manage different rule sets for different customers or environments. It also comes with compliance and drift detection, which automatically spots and fixes any unauthorized changes. And finally, central visibility gives you clear audit trails and reports so you can stay on top of everything.

Example use cases for Scripted Actions in firewall automation

Moving forward

Managing firewalls doesn’t have to be a pain. XOAP takes care of the repetitive stuff by automating it, so you’re not stuck making changes by hand every time something needs updating. With things like Configuration Management and Scripted Actions, your team can stay on top of security, make changes quickly and spend less time fixing things.

Curious how it all comes together? Let’s have a quick chat.
