I see that I can create firewall rules, and I am sure that some configuration of New-NetFirewallRule
for a particular app can duplicate the behavior of enabling the App's access to public and private networks in the Control Panel "Firewall & Network Protection" GUI.
However, I don't know exactly what that combination is, and I am replacing a manual process whereby a user went in and toggled on that access for a list of applications.
My use case for PowerShell is to enable "private" and "public" access for a list of applications such that a user who would typically have checked those boxes manually can now see those boxes are checked after the program runs.
So rather than duplicating the firewall conditions that enabling those boxes would create, I need to perform some PowerShell command ceremony that will make those boxes show up as enabled in the Control Panel GUI, and update the firewall's behavior in exactly the same way.
How would I configure Windows Defender to allow apps on public and private networks with PowerShell exactly as if they were configured that way by a GUI-based user in Windows Settings?
If the answer is "that can't be done; just create the new firewall rule to allow inbound data for the application with 'Any' profile, and you are good", then that's alright. In that case, I just need to know I won't be over-permitting the app relative to what's being done via the manual process.
It turns out this was really easy.
# Find the rules the installer created, by display-name pattern. Only inbound rules are
# selected so that outbound rules matching the pattern are not rewritten as inbound.
$rules = Get-NetFirewallRule -All | Where-Object { $_.DisplayName -match "MY-PATTERN" -and $_.Direction -eq 'Inbound' }
$rules | ForEach-Object {
    # Modify each matched rule in place: allow it on every profile (Domain, Private, Public).
    Set-NetFirewallRule -DisplayName $_.DisplayName -Action Allow -Profile Any
}
It was impossible for me to do this with new rules without enumerating an extensible, unbounded list of new application names. The applications in question were not guaranteed to be present at the time of configuration, and could be installed in arbitrary locations. I needed to find the rules the installer had established via pattern match, and modify them in place.
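The same in-place approach, written as a reusable script with a dry run and a verification pass so an operator can see exactly which rules change and confirm that nothing outside the pattern was widened. This is an added example, not the answerer's code; the parameter names, the `$Pattern` value you pass in, and the restriction to inbound rules are assumptions made for illustration.

```powershell
# Added example (not part of the original answer).
# Usage:   .\Allow-MatchedRules.ps1 -Pattern 'MY-PATTERN'          # dry run (shows -WhatIf output)
#          .\Allow-MatchedRules.ps1 -Pattern 'MY-PATTERN' -Apply   # apply and verify
# Assumes the installer has already created rules whose DisplayName matches $Pattern.
param(
    [Parameter(Mandatory)] [string] $Pattern,
    [switch] $Apply
)

function Get-MatchedInboundRules {
    param([string] $Pattern)
    # Only inbound rules correspond to "allow an app through the firewall"; leaving outbound
    # and unrelated rules alone keeps the change no broader than the manual checkbox process.
    Get-NetFirewallRule -All |
        Where-Object { $_.DisplayName -match $Pattern -and $_.Direction -eq 'Inbound' }
}

$targets = Get-MatchedInboundRules -Pattern $Pattern
if (-not $targets) {
    Write-Warning "No inbound firewall rules matched '$Pattern'; nothing to do."
    return
}

# Show the current state before touching anything.
Write-Host "Rules before:"
$targets | Select-Object DisplayName, Enabled, Action, Profile, Direction | Format-Table -AutoSize

if (-not $Apply) {
    # -WhatIf prints what would change without modifying the firewall.
    $targets | Set-NetFirewallRule -Enabled True -Action Allow -Profile Any -WhatIf
    return
}

# Modify the installer's rules in place: enabled, Allow, all profiles (Domain, Private, Public).
$targets | Set-NetFirewallRule -Enabled True -Action Allow -Profile Any

# Verify: re-read the rules and fail loudly if any matched rule is not in the expected state.
$after = Get-MatchedInboundRules -Pattern $Pattern
$wrong = $after | Where-Object {
    $_.Enabled -ne 'True' -or $_.Action -ne 'Allow' -or $_.Profile -ne 'Any'
}
if ($wrong) {
    $wrong | Select-Object DisplayName, Enabled, Action, Profile | Format-Table -AutoSize
    throw "Some matched rules are not Enabled/Allow/Any after the change."
}

Write-Host "Rules after:"
$after | Select-Object DisplayName, Enabled, Action, Profile, Direction | Format-Table -AutoSize
```

Run it without `-Apply` first: the `-WhatIf` output lists every rule that would be modified, which is the quickest way to confirm the pattern is not matching more than the intended applications. The verification pass at the end re-reads the rules from the firewall rather than trusting the return of `Set-NetFirewallRule`, so a rule that was silently skipped (for example one in a policy store the session cannot modify) shows up as an error instead of being assumed done.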