Endpoint Protection

  • 1.  How do I set an unmanaged clients firewall rules to "log"? SEP 11.0.5

    Posted Mar 10, 2010 12:56 PM
    Hello -

    I have a small number of unmanaged clients that were installed from the CD1 folder and won't be managed by SEPM. We were entering the NTP firewall rules in the client's UI and noticed that there are buttons for "allow" and "deny" but nothing for "log".

    We want to have a generic rule at the bottom of all of the firewall rules set to "log" for the time being; eventually it will be set to "deny".

    Is there a way in the unmanaged client's UI to set a rule to log only without having to use SEPM? Does anyone know the default action in an unmanaged client if you don't specify "log"? For example, will all allows and denies be logged by default?

    Thanks ---



  • 2.  RE: How do I set an unmanaged clients firewall rules to "log"? SEP 11.0.5
    Best Answer

    Posted Mar 10, 2010 01:17 PM
    By default, an unmanaged client logs all actions/events by Network Threat Protection.


  • 3.  RE: How do I set an unmanaged clients firewall rules to "log"? SEP 11.0.5

    Posted Mar 10, 2010 01:24 PM
    If you have SEPM, you can configure that in the policy.
    Export a package as an unmanaged client and select the option to export policies from that particular group.
    This would help you to log even though it's unmanaged.


  • 4.  RE: How do I set an unmanaged clients firewall rules to "log"? SEP 11.0.5

    Posted Mar 11, 2010 02:03 AM
    Select that particular rule (in the client GUI: Status tab -> NTP -> Options -> Configure firewall rule) and click on Edit; in the General tab you will get the option "Record this traffic in the packet log". Select it. In the same tab you will get the option to allow or deny this traffic.
     


  • 5.  RE: How do I set an unmanaged clients firewall rules to "log"? SEP 11.0.5

    Posted Mar 16, 2010 01:41 PM

    I think Vikram is correct - after reviewing the logs, it appears that the unmanaged client logs all events by default.

    The other solutions are technically correct as well.