Device Control with Microsoft Defender

WilsonFredonia
New Contributor III

Hello all,

We are deploying Microsoft Defender for Endpoint. Everything is going well except for setting up Device Control.

I have everything configured using the custom schema at mdatp-xplat/schema.json at master · microsoft/mdatp-xplat (github.com), which is linked from Microsoft's documentation. I have played around with trying to get JSON into the line for device control and had no luck.

ProfileManifestsMirror/com.microsoft.wdav.json at main · Jamf-Custom-Profile-Schemas/ProfileManifest...

I have tried to use the custom schema from the Profile Manifests Mirror above and none of the settings deployed at all.

I also tried iMazing Profile Editor, with both signed and unsigned, and had the same issue as the Profile Manifests Mirror (which isn't surprising since they are linked I believe).

Has anyone had any luck with developing and formatting the JSON string to use in Microsoft's schema to enable device control?

Thanks!

 

4 REPLIES

dmccluskey
Contributor

Are you looking for the PPPC settings for DLP?


I do have that baked in. It is using Microsoft's schema; the section for Device Control requires a JSON string. I think my JSON is wrong since further troubleshooting with mdatp device-control policy rules list is showing as empty.

I see they have some examples that I had tried modifying and they have scripts to convert from previous, but am I wrong that it doesn't look like they have great guidance on configuring via that method from scratch? Are there better alternatives that do seem to work well?

piotrr
Contributor III

I've decided against DLP in the past, but it seems you're right - the policy JSON in turn needs another JSON string defining device control. You'd pretty much need a schema interpreter within the schema json for MDATP. 

Like I said, I haven't done this, but it seems the schema you need for the DC JSON is here, rather than where you linked: 

mdatp-devicecontrol/device_control_policy_schema.json at main · microsoft/mdatp-devicecontrol · GitH... 

I have managed to get it working with only the most minor tinkering of their JSON examples. Any time I tried to get it closer to exactly what I would need, it would not deploy as a device control policy to the endpoint. However, as I potentially need to whitelist devices, I definitely will need to modify significantly more, so maybe I'll go back to trying to implement their schema, as I had tried that particular schema in tandem with their broader schema previously, without success. Maybe a change I had made in another spot ultimately became what got things working. Thanks for reminding me of that separate schema.

And I totally wish I could decide against DLP... I'll leave it at that.
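
The nesting discussed in this thread, a device control policy carried as a JSON string inside the outer settings JSON, shown as an added example that is not part of the thread or of Microsoft's code. The key names `deviceControl`, `policy`, `groups` and `rules` and the sample policy are assumptions for illustration; confirm them against the schemas linked above.

```python
import json

# Assumed key names (not confirmed on this page): verify against the linked schemas.
OUTER_KEY, POLICY_KEY, RULES_KEY = "deviceControl", "policy", "rules"

# Constructed placeholder policy, NOT a working device control policy.
SAMPLE_POLICY = {
    "groups": [],
    "rules": [{"id": "PLACEHOLDER-RULE-ID", "name": "constructed example rule"}],
}

def embed_policy(policy):
    """Serialize the inner policy to a compact JSON string and wrap it in the outer settings."""
    policy_str = json.dumps(policy, separators=(",", ":"), ensure_ascii=True)
    return {OUTER_KEY: {POLICY_KEY: policy_str}}

def check_embedded(settings):
    """Return a list of embedding problems found in the outer settings (empty list = none)."""
    value = settings.get(OUTER_KEY, {}).get(POLICY_KEY)
    if value is None:
        return [f"missing {OUTER_KEY}.{POLICY_KEY}"]
    if not isinstance(value, str):
        return ["policy is a nested object, not a JSON string"]
    problems = []
    # Curly quotes usually come from pasting the policy through a rich-text editor.
    if any(q in value for q in "\u201c\u201d\u2018\u2019"):
        problems.append("policy contains typographic quotes")
    try:
        inner = json.loads(value)
    except json.JSONDecodeError as exc:
        problems.append(f"policy string is not valid JSON: {exc.msg} (char {exc.pos})")
        return problems
    if not isinstance(inner, dict):
        problems.append("policy JSON is not an object at the top level")
    elif not inner.get(RULES_KEY):
        problems.append("policy parses but defines no rules")
    return problems

if __name__ == "__main__":
    settings = embed_policy(SAMPLE_POLICY)
    print(json.dumps(settings, indent=2))  # inner quotes appear escaped in the outer JSON
    print(check_embedded(settings))
```

Running the check on the exported settings before uploading the profile separates an embedding mistake from a policy the agent rejects for other reasons.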