Help

Jamf/Defender USB block issues

Dperk
New Contributor III

Posted on ‎04-18-2024 09:24 AM

Has anyone had any luck getting defender config profiles to block USB storage in jamf? I had gotten it to work using the guide provided by Microsoft a few months ago, but recently it appears to no longer be working. We've tried changing the plist that microsoft provided in the config profile to disable USB but it just doesnt appear to work. If anyones in a similar situation and gotten it to work, id love to know what you did. 

 

Our company isnt looking to use jamf protect just for the USB blocking. 

Reply
3 REPLIES 3

jamf-42
Valued Contributor II

‎04-18-2024 09:43 AM - edited ‎04-18-2024 09:44 AM

i have it working, but its a total pig to configure.. 

JSON string (from MS examples) - in Device Control - Device Control Policy: 

 

 

{ "groups": [ { "$type": "device", "id": "519a2e50-3bb7-49b7-9ae0-6feb415d58ca", "name": "All Removable Media Devices", "query": { "$type": "all", "clauses": [ { "$type": "primaryId", "value": "removable_media_devices" } ] } } ], "rules": [ { "id": "69a4a010-acb1-4573-8a58-50cf4ee7bc7f", "name": "Deny RWX to all Removable Media Devices", "includeGroups": [ "519a2e50-3bb7-49b7-9ae0-6feb415d58ca" ], "entries": [ { "__comments": "Deny Read, Write, and Execute.", "$type": "removableMedia", "id": "c7a13940-5c14-49f6-b0fb-b0978bf0f8cc", "enforcement": { "$type": "deny" }, "access": [ "read", "write", "execute" ] }, { "__comments": "Show UX and send events for all blocked operations.", "$type": "removableMedia", "id": "ae5672a9-0746-41e7-8c21-63222f1aa304", "enforcement": { "$type": "auditDeny", "options": [ "send_event", "show_notification" ] }, "access": [ "read", "write", "execute" ] } ] } ], "settings": { "features": { "removableMedia": { "disable": false } }, "global": { "defaultEnforcement": "allow" }, "ux": { "navigationTarget": "http://www.microsoft.com" } } }

 

 

Data Loss Prevention

Feature 

Feature Name 

DC_in_dlp

State

Enabled 

jamf42_0-1713458635726.png

 

0 Kudos
Reply

trevoredwards
New Contributor III

Posted on ‎05-08-2024 02:25 PM

I'm working on getting this configured currently and find Microsoft's documentation...lacking, to say the least. Any advice or additional resources you can share? 

0 Kudos
Reply

robertliebsch
Contributor

Posted on ‎06-27-2024 02:11 PM

the includedGroups and (not here, but optional) excludedGroups 

are these the ObjectIDs of EntraID groups?

0 Kudos
Reply