Disablement of Airdrop and Bluetooth functionality for 3rd party Apple devices

Asifahmed
New Contributor III

Is it possible to manage the Airdrop and Bluetooth app through JAMF in such a way that it will function only on those mac devices enrolled in the same JAMF Pro console but it wont work on other Apple devices those are on different JAMF or not enrolled in any JAMF or MDM. It is for security purpose only.

5 REPLIES 5

sdagley
Esteemed Contributor II

@Asifahmed No, there are no restriction options for AWDL or Bluetooth that would support that.

Asifahmed
New Contributor III

If it is not possible to disable then user can transfer data from company's to other device. Sensitive data can be transferred to other devices. I think JAMF should think it. 

sdagley
Esteemed Contributor II

@Asifahmed I don't know if Jamf Protect offers any monitoring or interdiction for data being transferred via AirDrop or Bluetooth, but it's not a capability I'd expect in Jamf Pro because macOS has no built-in mechanism to support that restriction. If you've got a support contract with Apple I'd suggest you open a case describing how your organization needs that capability, and it wouldn't hurt to also file a request via the Feedback Assistant app.

mm2270
Legendary Contributor III

@Asifahmed what you’re referring to is a DLP (Data Loss Protection) tool, which is not what Jamf Pro is. There are several 3rd party tools that can do this on the Mac. Possibly Jamf Protect can, but I’m not certain. 

And if all you’re looking for is to stop people from copying files over Bluetooth, you could look at setting up a Restricted Software title to block Bluetooth File Exchange. That’s no guarantee of blocking any type of BT file transfer, but it should stop the majority of them. 
You’re still better off with a proper DLP product though. 

garybidwell
Contributor III

There is basic capability to restrict Airdrop connections to Contacts Only in the Address Book, but as this has no MDM management, no way to manage the contacts scale and quite easy to circumvent its pretty useless.

You can do monitoring of this with Jamf Protect which is half the battle, just the ability to know what being transferred in & out of your environment is a major advantage in controlling data leakage.