Question

Device Control with Microsoft Defender

  • March 31, 2023
  • 6 replies
  • 75 views

WilsonFredonia

Hello all,

We are deploying Microsoft Defender for Endpoint. Everything is going well except for setting up Device Control.

I have everything configured using the custom schema at mdatp-xplat/schema.json at master · microsoft/mdatp-xplat (github.com), which is linked from Microsoft's documentation. I have played around with trying to get JSON into the line for device control and had no luck.

ProfileManifestsMirror/com.microsoft.wdav.json at main · Jamf-Custom-Profile-Schemas/ProfileManifestsMirror (github.com)

I have tried to use the custom schema from the Profile Manifests Mirror above and none of the settings deployed at all.

I also tried iMazing Profile Editor, with both signed and unsigned, and had the same issue as the Profile Manifests Mirror (which isn't surprising since they are linked I believe).

Has anyone had any luck with developing and formatting the JSON string to use in Microsoft's schema to enable device control?

Thanks!

 

6 replies

dmccluskey
  • Valued Contributor
  • March 31, 2023

Are you looking for the PPPC settings for DLP?


WilsonFredonia

> Are you looking for the PPPC settings for DLP?


I do have that baked in. It is using Microsoft's schema; the section for Device Control requires a JSON string. I think my JSON is wrong since further troubleshooting with mdatp device-control policy rules list is showing as empty.

I see they have some examples that I had tried modifying and they have scripts to convert from previous, but am I wrong that it doesn't look like they have great guidance on configuring via that method from scratch? Are there better alternatives that do seem to work well?


piotrr
  • Contributor
  • April 14, 2023

I've decided against DLP in the past, but it seems you're right - the policy JSON in turn needs another JSON string defining device control. You'd pretty much need a schema interpreter within the schema json for MDATP. 

Like I said, I haven't done this, but it seems the schema you need for the DC JSON is here, rather than where you linked: 

mdatp-devicecontrol/device_control_policy_schema.json at main · microsoft/mdatp-devicecontrol · GitHub 
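
A pre-flight check for the nesting described above, added here as an example (not code from this thread or from Microsoft): it validates the policy JSON, compacts it into the single-line string the outer profile expects, and confirms the string survives being stored as a plist string value. The sample policy, its key names and `POLICY_KEY_PLACEHOLDER` are constructed placeholders; the real key names come from the schemas linked in the thread.

```python
import json
import plistlib

# Constructed sample; key names are placeholders, not Microsoft's schema.
SAMPLE_POLICY = r'''
{
  "exampleRules": [
    {"name": "Block \"unknown\" <USB> & more", "action": "deny"}
  ]
}
'''

class PolicyError(ValueError):
    """Raised when the policy text cannot be embedded safely."""

def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; refuse instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise PolicyError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def policy_to_string(raw_text):
    """Parse the policy and return it as compact single-line JSON."""
    try:
        policy = json.loads(raw_text, object_pairs_hook=_no_duplicate_keys)
    except json.JSONDecodeError as exc:
        hint = ""
        if any(ch in raw_text for ch in "\u201c\u201d\u2018\u2019"):
            hint = " (typographic quotes present; use plain ASCII quotes)"
        raise PolicyError(
            f"invalid JSON at line {exc.lineno}, column {exc.colno}{hint}") from exc
    if not isinstance(policy, dict):
        raise PolicyError("top level must be a JSON object")
    return json.dumps(policy, separators=(",", ":"), ensure_ascii=True)

def embed_in_plist(policy_string, key="POLICY_KEY_PLACEHOLDER"):
    """Return plist XML bytes carrying the policy as one string value."""
    return plistlib.dumps({key: policy_string}, fmt=plistlib.FMT_XML)

def survives_round_trip(policy_string, key="POLICY_KEY_PLACEHOLDER"):
    """Check that the string read back from the plist is the same JSON."""
    recovered = plistlib.loads(embed_in_plist(policy_string, key))[key]
    return json.loads(recovered) == json.loads(policy_string)

if __name__ == "__main__":
    value = policy_to_string(SAMPLE_POLICY)
    print(embed_in_plist(value).decode())
    print("round trip ok:", survives_round_trip(value))
```
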


WilsonFredonia
  • Author
  • Contributor
  • April 14, 2023

> I've decided against DLP in the past, but it seems you're right - the policy JSON in turn needs another JSON string defining device control. You'd pretty much need a schema interpreter within the schema json for MDATP.
>
> Like I said, I haven't done this, but it seems the schema you need for the DC JSON is here, rather than where you linked:
>
> mdatp-devicecontrol/device_control_policy_schema.json at main · microsoft/mdatp-devicecontrol · GitHub


I have managed to get it working with only the most minor tinkering of their JSON examples. Any time I tried to get it more to exactly what I would need, it would not deploy as a device control policy to the endpoint. However, as I need to potentially whitelist devices, I definitely will be needing to modify significantly more, so maybe I'll go back to trying to implement their schema, as I had tried that particular schema in tandem with their broader schema previously, without success. Maybe a change I had made in another spot ultimately became what got things working. Thanks for reminding me of that separate schema.

And I totally wish I could decide against DLP... I'll leave it at that


  • New Contributor
  • October 10, 2024

> I have managed to get it working with only the most minor tinkering of their JSON examples. Any time I tried to get it more to exactly what I would need, it would not deploy as a device control policy to the endpoint. However, as I need to potentially whitelist devices, I definitely will be needing to modify significantly more, so maybe I'll go back to trying to implement their schema, as I had tried that particular schema in tandem with their broader schema previously, without success. Maybe a change I had made in another spot ultimately became what got things working. Thanks for reminding me of that separate schema.
>
> And I totally wish I could decide against DLP... I'll leave it at that


Could you share what you have done to get this working?


piotrr
  • Contributor
  • February 6, 2025

> I have managed to get it working with only the most minor tinkering of their JSON examples. Any time I tried to get it more to exactly what I would need, it would not deploy as a device control policy to the endpoint. However, as I need to potentially whitelist devices, I definitely will be needing to modify significantly more, so maybe I'll go back to trying to implement their schema, as I had tried that particular schema in tandem with their broader schema previously, without success. Maybe a change I had made in another spot ultimately became what got things working. Thanks for reminding me of that separate schema.
>
> And I totally wish I could decide against DLP... I'll leave it at that


DLP isn't bad.... 

 

...users are. :D