Connecting to wireless monitors with AutoPilot enrolled devies is a problem and eventually the connection will be timing out.
This situation happened after applying security baselines via Intune so it seemed like the security baseline was causing this issue.
The Endpoint Security baseline contains settings that prevent the merge of connection security rules firewall rules with the group policy. Therefore the standard local firewall Wireless Display Rule will not apply.
The “feature” is documented in this article : Security baseline settings Windows 10 and later with Intune and can be found here https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=november-2021#microsoft-defender-firewall
To solve the problem we need to create a new profile for an Firewall exclusion.
The default rule Wireless Display (TCP-In) rule looks like this.
C:\Windows\System32\WUDFHost.exeAllow In/Out connections for TCP and UDP, Ports: All. |
So we have to rebuild the exact same rule and deploy it to all the autopilot clients.
In Endpoint Manager choose Endpoint security, followed by Firewall
Click Create Policy
Choose Windows 10, Windows 11…..
And click Create
Give a name and description
Assign this rule to all AutoPilot clients.
To test it force a sync on your device,
head over to Settings – Accounts – Access work or school – Work or School Account – Info – and click Sync.
Now wait a few minutes and the firewall rule will show up.
Nice to Know :
Firewall & Network settings WiDi
If you need to create firewall rules, general network settings for Intel WiDi – Miracast are :
Miracast-certified device uses an ad-hoc, peer-to-peer Wi-Fi connection (known as Wi-Fi Direct) to share content
Network subnets | 192.168.137.0/24 192.168.16.0/24 192.168.179.0/24 |
Generic firewall rule | Application: All applicationsAction: Allow network trafficDirection: InboundProtocol: TCP/UDPPort(s): Specific ports: 5353, 7236,7250IP address(s): IPv4 address: 192.168.137.0, Subnet mask: 255.255.255.0 |
If the security level is “high”, please add another three (3) outbound exceptions:Application: All applicationsAction: Allow network trafficDirection: OutboundProtocol: TCP/UDPPort(s): All portsIP address(s): IPv4 address: 192.168.137.0, Subnet mask: 255.255.255.0 |
Port | Type | Protocol | |
1024-65535 | Dynamic | UDP | RTP (video and audio mirroring) |
1024-65535 | Dynamic | UDP | RTCP (RTP transportation quality report) |
7236 | Static | TCP | RTSP (Miracast display negotiation) |
139 – TCP5353 – UDP 7236 – UDP and TCP 7250 – TCP |
Powershell commands
Get-NetAdapter | Microsoft Wi-Fi Direct virtual Adapter | |
Get-NetConnectionProfile |
Eventlogs
The location in the Windows Eventviewer.
Miracast events will be logged to Microsoft – Windows – WLAN-Autoconfig.
Check if Miracast is supported
Ensure Miracast is supported on the device.
Press Windows Key + R and type dxdiag.
Click “Save all information”.
Open the saved dxdiag.txt and find Miracast. It should say Available, with HDCP.
Other troubleshooting :