- Jamf Nation Community
- Products
- Jamf Pro
- Re: How to Block External USB-C Access for All Mac...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to Block External USB-C Access for All Mac Devices via Jamf Pro?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
17 hours ago
We want to block external USB-C access on all our Mac devices using Jamf Pro. While we are aware that Jamf Protect offers functionality to block USB access, we do not currently have Protect and would like to achieve this using Jamf Pro alone.
I attempted to configure restrictions in a Configuration Profile under Media (even though it is marked as deprecated). This approach worked on Intel-based Macs running macOS 15.2 (Sequoia), but it does not seem to work on Apple Silicon devices.
Is there a way to consistently block USB access across all Mac devices (both Intel and Apple Silicon) using Jamf Pro?
Any advice or guidance would be greatly appreciated.
Reply
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
16 hours ago
Unfortunately there is no way to do this without as you mentioned Jamf Protect, or a similar piece of software.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
16 hours ago
Apple moved this functionality from the MDM framework to the Security framework a few years ago. If you check the restrictions payload for a configuration profile you still see check boxes for this stuff with deprecated next to it.
There is nothing Jamf Pro can do in this space; you need to get the right tool for the job. DLP is not cheap, and your employer needs to be prepared to pay for it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
15 hours ago - last edited 12 hours ago
@deep786 Are you talking about USB devices in general, or specifically USB external storage devices? If the latter, would forcing any external physical storage device into Read-Only mode be a viable option? If it is you can achieve that using Jamf Pro to install a Launch Daemon and a script. In simplest terms the Launch Daemon would be configured to trigger whenever a drive was mounted and it would run a script to force any external physical storage devices into Read-Only mode.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12 hours ago
We have achieve this through our EDR Solution SentinelOne
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11 hours ago
I thought I read somewhere that declarations were being implemented sometime soon for managing USB devices again?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10 hours ago
Apple did add media blocking to DDM in macOS Sequoia. Jamf announced support for this feature at JNUC last October through Blueprints, but has not released it yet. Hopefully in the next few months.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10 hours ago
Ah yes, thats right. I found the declaration that I was thinking of.
