Posted on 07-18-2024 08:26 PM
The Jamf Protect section on the official website says that it can prevent data leaks by detecting and logging AirDrop transfers, but is it possible to use Jamf Protect to check the contents of photos and videos sent via AirDrop by managed devices? Or does that mean that we can only see the AirDrop usage logs, but not the specific contents?
Posted on 07-19-2024 05:13 AM
I don't think any tool can intercept and copy what is being shared with AirDrop. If this is a concern, I suggest disabling AirDrop entirely.
Posted on 07-20-2024 06:51 PM
Others say it is possible, but is it really possible?
Posted on 07-19-2024 06:57 AM
It depends...
For AirDrop (Inbound), a custom Jamf Protect analytic will show this type of activity within the Protect console, but for AirDrop (Outbound) you need to use its Unified Logging feature, so it will capture the telemetry, but it has to be passed to a SIEM to be visible.
However, on both types it just captures the file path & file name of the content.
If you want to visually see the actual content, then you would need a DLP solution, which would either make a shadow copy or use OCR scanning to capture it (Next Reveal DLP or CoSoSys Endpoint Protector being examples of the two most Mac-friendly DLP solutions).
Example of AirDrop (Inbound) telemetry being captured:
Posted on 07-20-2024 06:39 PM
How far back can the contents of AirDrop'd photos, videos, and files be viewed? For example, one month?
Posted on 07-21-2024 11:52 PM
As I said above, only the contents can be captured by a DLP solution to be viewable (it's up to the retention period of the DLP solution how long they are kept for).
For the file paths and filenames in Jamf Protect (as shown in my screenshot), they will be kept for 12 months or, if forwarded to a SIEM, the retention period as set by the SIEM.