Jamf/Defender USB block issues

Dperk
New Contributor III

Has anyone had any luck getting defender config profiles to block USB storage in jamf? I had gotten it to work using the guide provided by Microsoft a few months ago, but recently it appears to no longer be working. We've tried changing the plist that microsoft provided in the config profile to disable USB but it just doesnt appear to work. If anyones in a similar situation and gotten it to work, id love to know what you did. 

 

Our company isnt looking to use jamf protect just for the USB blocking. 

3 REPLIES 3

jamf-42
Valued Contributor II

i have it working, but its a total pig to configure.. 

JSON string (from MS examples) - in Device Control - Device Control Policy: 

 

 

{ "groups": [ { "$type": "device", "id": "519a2e50-3bb7-49b7-9ae0-6feb415d58ca", "name": "All Removable Media Devices", "query": { "$type": "all", "clauses": [ { "$type": "primaryId", "value": "removable_media_devices" } ] } } ], "rules": [ { "id": "69a4a010-acb1-4573-8a58-50cf4ee7bc7f", "name": "Deny RWX to all Removable Media Devices", "includeGroups": [ "519a2e50-3bb7-49b7-9ae0-6feb415d58ca" ], "entries": [ { "__comments": "Deny Read, Write, and Execute.", "$type": "removableMedia", "id": "c7a13940-5c14-49f6-b0fb-b0978bf0f8cc", "enforcement": { "$type": "deny" }, "access": [ "read", "write", "execute" ] }, { "__comments": "Show UX and send events for all blocked operations.", "$type": "removableMedia", "id": "ae5672a9-0746-41e7-8c21-63222f1aa304", "enforcement": { "$type": "auditDeny", "options": [ "send_event", "show_notification" ] }, "access": [ "read", "write", "execute" ] } ] } ], "settings": { "features": { "removableMedia": { "disable": false } }, "global": { "defaultEnforcement": "allow" }, "ux": { "navigationTarget": "http://www.microsoft.com" } } }

 

 

Data Loss Prevention

Feature 

Feature Name 

DC_in_dlp

State

Enabled 

jamf42_0-1713458635726.png

 

trevoredwards
New Contributor III

I'm working on getting this configured currently and find Microsoft's documentation...lacking, to say the least. Any advice or additional resources you can share? 

robertliebsch
Contributor

the includedGroups and (not here, but optional) excludedGroups 

are these the ObjectIDs of EntraID groups?