Preventing External Media From Being Written to if not Encrypted

Knight_Owl
New Contributor III

Hello All,

I am looking into ways only to allow external media to be written to if encrypted. It seems to have been deprecated using Jamf Pro. Is there a PLIST file I can edit or a terminal command I can push to make this happen?

2 REPLIES 2

AJPinto
Honored Contributor III

Its not that USB controls were deprecated in JAMF, its that Apple depreciated any form of DLP controls with MDM in general. You will need to source and purchase a Data Loss Prevention tool to get any kind of control over USB data transfer. Tools like ForcePoint work well, but I am not sure if they cover your specific ask.

garybidwell
Contributor III

The old USB control was a feature of the MDM Media restrictions but Apple announced its deprecation back with macOS 11 although still worked at least on early macOS 12 versions up until recently, although it never had the ability to specify if the media was encrypted or not. (its was just Allow, Authenticate or Read-Only)

However Jamf Protect has this very feature for only allowing its use if the storage is encrypted.
https://learn.jamf.com/bundle/jamf-protect-documentation/page/Device_Controls.html