User Profile
Ruser
Copper Contributor
Joined 10 months ago
Recent Discussions
External media block on macOS (Intune, Defender)
Hello, I'm trying to create a policy (profile) which should block all USB devices except approved devices, e.g. Barco ClickShare. I followed this article, but the created profile is not blocking at all. Could you please tell me what additional actions should be performed on the MS Defender side?

Following this article: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-worldwide

Thank you!

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
    <key>PayloadUUID</key>
    <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadOrganization</key>
    <string>Microsoft</string>
    <key>PayloadIdentifier</key>
    <string>com.microsoft.wdav</string>
    <key>PayloadDisplayName</key>
    <string>Microsoft Defender for Endpoint settings</string>
    <key>PayloadDescription</key>
    <string>Microsoft Defender for Endpoint configuration settings</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadUUID</key>
            <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
            <key>PayloadType</key>
            <string>com.microsoft.wdav</string>
            <key>PayloadOrganization</key>
            <string>Microsoft</string>
            <key>PayloadIdentifier</key>
            <string>com.microsoft.wdav</string>
            <key>PayloadDisplayName</key>
            <string>Microsoft Defender for Endpoint configuration settings</string>
            <key>PayloadDescription</key>
            <string/>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadEnabled</key>
            <true/>
            <key>dlp</key>
            <dict>
                <key>features</key>
                <array>
                    <dict>
                        <key>name</key>
                        <string>DC_in_dlp</string>
                        <key>state</key>
                        <string>enabled</string>
                    </dict>
                </array>
            </dict>
            <key>deviceControl</key>
            <dict>
                <key>policy</key>
                <string>
{
  "groups": [
    {
      "$type": "device",
      "id": "0a7c0337-946a-4ea5-9d4c-3cfa6cb4d8e2",
      "name": "All Removable Media Devices",
      "query": {
        "$type": "all",
        "clauses": [
          { "$type": "primaryId", "value": "removable_media_devices" }
        ]
      }
    },
    {
      "$type": "device",
      "id": "ba2ec8ba-2f4c-4e7f-a9f6-4034b7b2c7ed",
      "name": "Barco ClickShare",
      "query": {
        "$type": "all",
        "clauses": [
          { "$type": "vendorId", "value": "0x600" }
        ]
      }
    }
  ],
  "rules": [
    {
      "id": "69a4a010-acb1-4573-8a58-50cf4ee7of9h",
      "name": "Deny Write and Execute to all Removable Media Devices",
      "includeGroups": [ "0a7c0337-946a-4ea5-9d4c-3cfa6cb4d8e2b" ],
      "excludeGroups": [ "ba2ec8ba-2f4c-4e7f-a9f6-4034b7b2c7ed" ],
      "entries": [
        {
          "__comments": "Deny Write and Execute.",
          "$type": "removableMedia",
          "id": "c7a13940-5c14-49f6-b0fb-b076ubk6f9dd",
          "enforcement": { "$type": "deny" },
          "access": [ "write", "execute" ]
        },
        {
          "__comments": "Show UX and send events for all blocked operations.",
          "$type": "removableMedia",
          "id": "ae5672a9-0746-41e7-8ch1-93777f1bb508",
          "enforcement": {
            "$type": "auditDeny",
            "options": [ "send_event", "show_notification" ]
          },
          "access": [ "write", "execute" ]
        }
      ]
    }
  ],
  "settings": {
    "features": { "removableMedia": { "disable": false } },
    "global": { "defaultEnforcement": "allow" },
    "ux": { "navigationTarget": "Microsoft.com" }
  }
}
                </string>
            </dict>
        </dict>
    </array>
</dict>
</plist>

726 Views, 0 likes, 0 Comments
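An added example, not part of the original post and not Microsoft tooling: a pre-deployment lint for the device control policy JSON posted above. It checks that every includeGroups/excludeGroups value resolves to a defined group id and that ids are canonical UUIDs. Treating ids as UUIDs is an assumption based on the values shown, and the sample input is a trimmed copy of the posted policy with its ids unchanged.

```python
import json
import uuid
# Trimmed copy of the policy JSON posted above (ids exactly as on the page).
POLICY_JSON = """
{
  "groups": [
    {"id": "0a7c0337-946a-4ea5-9d4c-3cfa6cb4d8e2", "name": "All Removable Media Devices"},
    {"id": "ba2ec8ba-2f4c-4e7f-a9f6-4034b7b2c7ed", "name": "Barco ClickShare"}
  ],
  "rules": [
    {
      "id": "69a4a010-acb1-4573-8a58-50cf4ee7of9h",
      "includeGroups": ["0a7c0337-946a-4ea5-9d4c-3cfa6cb4d8e2b"],
      "excludeGroups": ["ba2ec8ba-2f4c-4e7f-a9f6-4034b7b2c7ed"],
      "entries": [
        {"id": "c7a13940-5c14-49f6-b0fb-b076ubk6f9dd"},
        {"id": "ae5672a9-0746-41e7-8ch1-93777f1bb508"}
      ]
    }
  ]
}
"""

def is_uuid(value):
    """Assumption: ids are meant to be canonical 8-4-4-4-12 hex UUIDs."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def lint_policy(policy):
    """Return findings: malformed ids and group references that match no group."""
    findings = []
    group_ids = {g.get("id") for g in policy.get("groups", [])}
    for gid in sorted(group_ids, key=str):
        if not is_uuid(gid):
            findings.append(f"group id is not a UUID: {gid}")
    for rule in policy.get("rules", []):
        ids = [rule.get("id")] + [e.get("id") for e in rule.get("entries", [])]
        findings += [f"rule/entry id is not a UUID: {i}" for i in ids if not is_uuid(i)]
        for field in ("includeGroups", "excludeGroups"):
            for ref in rule.get(field, []):
                if ref not in group_ids:
                    findings.append(f"{field} references undefined group: {ref}")
    return findings

if __name__ == "__main__":
    for finding in lint_policy(json.loads(POLICY_JSON)):
        print(finding)
```

To lint a real profile, extract the text of the deviceControl policy string from the plist and pass it through `json.loads` before calling `lint_policy`.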