WiDi Miracast problem with Autopilot & Windows 10

Connecting to wireless monitors with AutoPilot enrolled devies is a problem and eventually the connection will be timing out.

This situation happened after applying security baselines via Intune so it seemed like the security baseline was causing this issue. 

The Endpoint Security baseline contains settings that prevent the merge of connection security rules firewall rules with the group policy.  Therefore the standard local firewall Wireless Display Rule will not apply.

The “feature” is documented in this article : Security baseline settings Windows 10 and later with Intune and can be found here https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=november-2021#microsoft-defender-firewall

To solve the problem we need to create a new profile for an Firewall exclusion.

The default rule Wireless Display (TCP-In) rule looks like this.

 C:\Windows\System32\WUDFHost.exeAllow In/Out connections for TCP and UDP, Ports: All.

So we have to rebuild the exact same rule and deploy it to all the autopilot clients.

In Endpoint Manager choose Endpoint security, followed by Firewall

Click Create Policy 

Choose Windows 10, Windows 11…..

And click Create

Give a name and description

Assign this rule to all AutoPilot clients.

To test it force a sync on your device,
head over to Settings – Accounts – Access work or school – Work or School Account – Info – and click Sync.

Now wait a few minutes and the firewall rule will show up.

Nice to Know : 

Firewall & Network settings WiDi

If you need to create firewall rules, general network settings for Intel WiDi – Miracast are : 

 Miracast-certified device uses an ad-hoc, peer-to-peer Wi-Fi connection (known as Wi-Fi Direct) to share content
 

Network subnets 192.168.137.0/24
192.168.16.0/24
192.168.179.0/24
Generic firewall ruleApplication: All applicationsAction: Allow network trafficDirection: InboundProtocol: TCP/UDPPort(s): Specific ports: 5353, 7236,7250IP address(s): IPv4 address: 192.168.137.0, Subnet mask: 255.255.255.0
 If the security level is “high”, please add another three (3) outbound exceptions:Application: All applicationsAction: Allow network trafficDirection: OutboundProtocol: TCP/UDPPort(s): All portsIP address(s): IPv4 address: 192.168.137.0, Subnet mask: 255.255.255.0
PortTypeProtocol 
1024-65535DynamicUDPRTP (video and audio mirroring)
1024-65535DynamicUDPRTCP (RTP transportation quality report)
7236StaticTCPRTSP (Miracast display negotiation)
139 – TCP5353 – UDP
7236 – UDP and TCP
7250 – TCP
   

Powershell commands 

Get-NetAdapter Microsoft Wi-Fi Direct virtual Adapter
Get-NetConnectionProfile  

Eventlogs

The location in the Windows Eventviewer. 
Miracast events will be logged to Microsoft – Windows – WLAN-Autoconfig. 

Check if Miracast is supported 


Ensure Miracast is supported on the device.

Press Windows Key + R and type dxdiag.

Click “Save all information”.

Open the saved dxdiag.txt and find Miracast. It should say Available, with HDCP.

Other troubleshooting : 

https://docs.microsoft.com/en-us/surface-hub/miracast-troubleshooting

Leave a Reply

Your email address will not be published. Required fields are marked *