Help

Airdrops on Jamf Pro (Manual Enrollment)

jamesg2029
New Contributor

3 weeks ago

for a device which has jafm Manuel enrollment payroll MdM, would the administrator be able to see if a file was airdropped from said device to another device? 

I’ve seen conflicting information as some stuff says that airdrop is encrypted and not allowed because of apple’s privacy, but also seen other stuff. 

in any case, would there be a log of the file that was sent and the device it was sent to?

0 Kudos
Reply
4 REPLIES 4

agungsujiwo
Contributor

3 weeks ago

in several jamf logs I noticed there was no airdrop log history feature (one of which is Application Usage Logs) AirDrop's encryption and Apple's privacy policies mean they can't directly monitor files or the recipient device in an AirDrop transfer.

0 Kudos
Reply

AJPinto
Honored Contributor III

2 weeks ago - last edited 2 weeks ago

Assuming apple does not obfuscate AirDrop logging which I think they do. You would need a tool like Jamf Protect or Splunk Forwarder to redirect the macOS event logs to SIEM, then reporting to string together the events to know what was an AirDrop transfer and what was transferred. If AirDrop is a concern (which it should be), you really need to just disable it. There is not a specific log file for AirDrop that I am aware of, anything reported will be in macOS Console logs.

0 Kudos
Reply

efil4xiN
Contributor II

2 weeks ago

I just finished something like this working with our security team. You are both correct. the connection is encrypted, however there are log predicates that can show the event albeit anonymous, that can be sent to a SIEM. This site has a good info on log predicates  In the end we just disabled it as per CIS/PCI compliance, but have the predicate just in case

Reply

SerenityPrice
New Contributor

a week ago

Thank you.

0 Kudos
Reply