Posted on 03-31-2023 06:18 AM
Hello all,
We are deploying out Microsoft Defender for Endpoint. Everything is going well except for setting up Device Control.
I have everything configured using the custom schema at mdatp-xplat/schema.json at master · microsoft/mdatp-xplat (github.com) , which is linked from Microsoft's documentation. I have played around with trying to get JSON into the line for device control and had no luck.
ProfileManifestsMirror/com.microsoft.wdav.json at main · Jamf-Custom-Profile-Schemas/ProfileManifest... I have tried to use the custom schema from the Profile Manifests Mirror above and none of the settings deployed at all.
I also tried iMazing Profile Editor, with both signed and unsigned, and had the same issue as the Profile Manifests Mirror (which isn't surprising since they are linked I believe).
Has anyone had any luck with developing and formatting the JSON string to use in Microsoft's schema to enable device control?
Thanks!
Posted on 03-31-2023 12:40 PM
are you looking for the PPPC settings for DLP?
Posted on 04-03-2023 07:46 AM
I do have that baked in. It is using Microsoft's Schema, the section for Device Control requires a JSON string. I think my JSON is wrong since further troubleshooting with mdatp device-control policy rules list is showing as empty.
I see they have some examples that I had tried modifying and they have scripts to convert from previous, but am I wrong that it doesn't not look like they have great guidance on configuring via that method from scratch? Are there better alternatives that do seem to work well?
Posted on 04-14-2023 05:16 AM
I've decided against DLP in the past, but it seems you're right - the policy JSON in turn needs another JSON string defining device control. You'd pretty much need a schema interpreter within the schema json for MDATP.
Like I said, I haven't done this, but it seems the schema you need for the DC JSON is here, rather than where you linked:
Posted on 04-14-2023 05:22 AM
I have managed to get it working with only the most minor tinkering of their JSON examples. Any time I tried to get it more to exactly what I would need, it would not deploy as a device control policy to the endpoint. However, as I need to potentially white list devices, I definitely will be needing to modifying significantly more so maybe I'll go back to trying to implement their schema, as I had tried that particular schema in tandem with their broader schema previously, without success. Maybe a change I had made in another spot ultimately became what got things working. Thanks for reminding me of that separate schema.
And I totally wish I could decide against DLP... I'll leave it at that
Posted on 10-10-2024 12:07 PM
Could you share what you have done to get this working?