Managing Datagram Processing on Windows Server Using Microsoft Intune

How to Allow or Block Datagram Processing on Windows Server Using Intune

Hey there! 👋 In this article, let’s dive into how to Allow or Block Datagram Processing on Windows Server using Microsoft Intune’s Settings Catalog.

But first… what exactly is a datagram?

A datagram is a self-contained unit of data sent over a network — think of it like a digital postcard. It uses the User Datagram Protocol (UDP), which allows data to be transmitted without establishing a formal connection first. This makes datagrams ideal for real-time communication, where speed is more important than reliability, like video streaming or DNS lookups.

💡 What Is "Allow Datagram Processing" on Windows Server?

Allow Datagram Processing is a configuration setting that enables Windows Server to efficiently handle incoming and outgoing UDP traffic. When enabled, it optimizes the way your server processes datagrams, improving performance for applications that rely on real-time, low-latency communication.

Although Windows Server can process UDP traffic by default, certain security policies or network configurations may restrict this behavior, potentially leading to performance bottlenecks. That’s where fine-tuning the setting via Intune comes in.

🎯 Why This Setting Matters

Enabling datagram processing ensures:

• Faster handling of UDP packets

• Improved performance for services like:

• Reduced delays for services that depend on quick data delivery without retransmission

🔧 Managing Datagram Processing via Intune

Using Microsoft Intune and the Settings Catalog, IT admins can remotely configure Windows Server policies, including the Allow Datagram Processing setting. This provides centralized control, ensures consistency across environments, and aligns with modern endpoint management practices.

⚙️ What Is the Windows CSP Behind It?

The Configuration Service Provider (CSP) is a framework in Windows that allows settings to be applied and enforced via mobile device management (MDM) tools like Intune.

For Datagram Processing, Intune uses the relevant Defender or Network CSP policies to apply configurations. These CSPs act as bridges between the Intune portal and the actual Windows system components, allowing granular control over specific system behaviors.

🛠️ Coming Up Next

In the next sections, we’ll walk through:

1. How to create and deploy the Allow Datagram Processing policy using the Settings Catalog in Intune

2. How to monitor the deployment

3. How to verify the policy is active using Event Viewer

4. Real-world use cases and best practices

We can also see the allowed values for the policy “Enable Datagram Processing on Win Server“. Allowed values are the directives and sources we can specify to control which resources can be loaded on a web page.

🛠️ How to Allow or Block Datagram Processing on Windows Server Using Intune

To deploy the Allow or Block Datagram Processing policy using Intune, follow the steps below to create a configuration profile via the Settings Catalog:

👉 Step-by-Step:

In the Microsoft Intune Admin Center, go to

1. Devices.

2. Windows Devices  under the platform options.

3. Click on Configuration.

4. Select + New Policy

Next, we will create a new configuration profile from scratch. First, we need to provide the options mentioned below.

1. Under Platform, select: Windows 10 and later

2. Under Profile type, choose: Settings catalog

3. Click Create to start configuring the policy.

📝 Basics

On the Basics page, enter a name for the configuration profile — for example: “Allow Datagram Processing – Windows Server”

In the Description field, you can add: “Enables or blocks datagram (UDP) processing on Windows Server devices using Intune policy.”

Once completed, click Next to proceed.

Configuration Settings

Configuration settings define the rules, parameters, and controls determining how systems, applications, or networks operate in policy management. We can add settings for the policies in the configuration settings.

⚙️ Settings Picker

As the name suggests, the Settings Picker is the tool that allows us to select specific settings for our Intune configuration profile. In this step, we’ll choose the setting that controls Datagram Processing on Windows Server.

👉 Follow these steps:

1. Search for and select: Allow Datagram Processing on Windows Server

2. In the list of categories, expand Defender

3. Check the box next to Allow Datagram Processing on Windows Server to include it in the policy

4. Click Close to exit the Settings Picker

This interface simplifies policy creation by helping you quickly find and apply the correct configuration, reducing the chance of errors and streamlining deployment.

After closing the Settings Picker window, you’ll be redirected to the Configuration settings page, where the selected category will appear.

In this case, we selected the setting “Datagram processing on Windows Server is enabled” for deployment.

By default, this setting is set to Disabled, so you’ll need to manually switch it to Enabled if you want to allow datagram processing.

Scope Tags

To skip this section is preferable, as it is not mandatory for the desired policy. Actually, Scope tags are a filtering mechanism that restricts access to policies, configurations, and devices in IT management systems.

On the Assignments page, assign the configuration profile to the appropriate device group.

Click on Add Groups under the Included Groups section, then select: “GRP - MS365Education - Test Computers”

In this example, no filters are applied, and the Excluded Groups section remains blank.

Click Next to continue.

On the Review + create page, carefully review all the settings configured for the Allow Datagram Processing – Windows Server.

If everything is correct, click Create to deploy the policy to the assigned devices.

Monitor the Deployment of the “Allow Datagram Processing – Windows Server” Policy

After deploying the policy to the GRP - MS365Education - Test Computers device group, it will be applied as soon as the assigned devices complete a sync with Microsoft Intune.

To monitor the deployment status, follow these steps:

1. In the Intune portal, navigate to: Devices > Windows > Configuration profiles

2. Search for the profile named: “Allow Datagram Processing – Windows Server”

3. Click on the profile to open it, then check the Device and user check-in status section to view the deployment results and compliance status.

✅ Conclusion

Managing datagram processing on Windows Server through Microsoft Intune gives IT administrators greater control over how UDP traffic is handled across their environment. By configuring this policy via the Settings Catalog, you ensure consistency, improve performance for real-time applications, and enhance overall network efficiency.

Whether your goal is to enable datagram processing for better responsiveness in services like DNS, streaming, or IoT — or to restrict it for security reasons — Intune provides a scalable and centralized approach to policy enforcement.

As organizations move toward modern endpoint management, taking advantage of granular settings like this one is key to aligning performance and security across Windows Server workloads.

📚 More Information

To deepen your understanding of configuring and managing the Allow Datagram Processing on Windows Server policy using Microsoft Intune, refer to the following official Microsoft resources:

• Defender CSP – Configuration Service Provider

• Configure Microsoft Defender Antivirus using Microsoft Intune

• Troubleshoot problems with Network protection

• Use network protection to help prevent connections to malicious or suspicious sites

These resources provide detailed guidance for configuring, deploying, and validating datagram processing and network protection policies on Windows Server devices using Microsoft Intune.

Thank you!

🖥️ Ricardo Barbosa

📘 MCT Microsoft Certified Trainer | ☁️ Cloud Architect

🌐 Technology Director - https://altelix.com