2 weeks ago
for a device which has jafm Manuel enrollment payroll MdM, would the administrator be able to see if a file was airdropped from said device to another device?
I’ve seen conflicting information as some stuff says that airdrop is encrypted and not allowed because of apple’s privacy, but also seen other stuff.
in any case, would there be a log of the file that was sent and the device it was sent to?
2 weeks ago
in several jamf logs I noticed there was no airdrop log history feature (one of which is Application Usage Logs) AirDrop's encryption and Apple's privacy policies mean they can't directly monitor files or the recipient device in an AirDrop transfer.
2 weeks ago - last edited 2 weeks ago
Assuming apple does not obfuscate AirDrop logging which I think they do. You would need a tool like Jamf Protect or Splunk Forwarder to redirect the macOS event logs to SIEM, then reporting to string together the events to know what was an AirDrop transfer and what was transferred. If AirDrop is a concern (which it should be), you really need to just disable it. There is not a specific log file for AirDrop that I am aware of, anything reported will be in macOS Console logs.
2 weeks ago
I just finished something like this working with our security team. You are both correct. the connection is encrypted, however there are log predicates that can show the event albeit anonymous, that can be sent to a SIEM. This site has a good info on log predicates In the end we just disabled it as per CIS/PCI compliance, but have the predicate just in case
a week ago
Thank you.