macOS Big Sur Deprecated Media Restrictions

gragnarok
Release Candidate Programs Tester

Noticed on the restrictions payload in configuration profiles that Media Restrictions are listed as deprecated after macOS 10.15. Does anybody know if there is an alternative method for blocking external drives in Big Sur?

10 REPLIES 10

tlarkin
Honored Contributor

Not only is it deprecated, after the release of big sur, it is also highly broken and I have an open FB ticket with Apple on it, FB8962596

sdagley
Esteemed Contributor II

Both McAfee's File & Removable Media Protection and Microsoft's Microsoft Defender for Endpoint products list the capability to control access for removable media (no endorsement of either is provided/implied/inferred)

user-tEzSLsPufr
New Contributor

Any follow up on this? Is it just hidden somewhere else now?

glennmiller
New Contributor III

I'd like to know more also. Can't find any documentation.
We are on Jamf Pro 10.30.3 and this payload still works on Big Sur for 11.4, yet says it was deprecated post 10.15.

tlarkin
Honored Contributor

@glennmiller so Apple did not announce this deprecation at WWDC last year with Big Sur (or I missed it), and it was marked deprecated at the Big Sur release. I have an open FB ticket with Apple posted above. If you have any sort of AppleCare support agreement I would suggest opening a ticket and referencing my FB ticket. I have supplied a lot of data to it, but Apple has pretty much ignored it.

I think that driver kit and system extensions will probably replace this functionality, but media restrictions are highly broken in big sur and less broken in catalina and mojave, but I have been able to reproduce this issue all the way back to mojave. I did not test any further before Mojave though.

glennmiller
New Contributor III

Thanks @tlarkin . I might take a slightly different approach and go through our Apple Enterprise contacts. If I find out anything meaningful, will post here.

Polybius
New Contributor III

I have a profile installed with Allow on the restrictions section but when I check the profile in System Preferences, it shows Deny for all mount rules. I'm guessing this is why I can't mount any external USB drives. Anybody know how I can fix this?

stutz
Contributor

Any word on if this is actually getting removed?  I just tested on Monterey 12.0.1 and it seems to still work as expected (block external drives).

jttavares
New Contributor III

Still working for me as well on Monterey 12.2.1.  Can make ext drives read only or block mounting completely.  If this is going to be removed, I need an alternative as all our CORP systems do not allow USB storage.

 

henrybryan1
New Contributor

Kicking up the dust on this thread. I just deployed this to a Sonoma and Sequoia machine and it still works properly. We have two configs, General Restrictions, and Lightened Restrictions (for developers and such) and both are working to block external storage, or allow external storage.