Jamf Nation Community

Jhonon · ‎07-18-2024

The jamf protect section on the official website says that it can prevent data leaks by detecting and logging AirDrop transfers, but is it possible to use jamf protect to check the contents of photos and videos sent via AirDrop by managed devices? Or does that mean that we can only see the AirDrop usage logs, but not the specific contents?

AJPinto · ‎07-19-2024

I dont think any tool can intercept and copy what is being shared with AirDrop. If this is a concern, I suggest disabling AirDrop entirely.

Jhonon · ‎07-20-2024

Others say it is possible, but is it really possible?

garybidwell · ‎07-19-2024

It depends...
For Airdrop (Inbound) then a custom Jamf Protect analytic will show this type activity within the Protect console, but for Airdrop (Outbound) you need to use its Unified Logging feature, so will it capture the telemetry but has to be passed to a SIEM to be visible.

However on both types it just captures the file path & file name of the content
If you want to visually see the actual content then you would need DLP solution which would either make a shadow copy or use OCR scanning to capture it (Next Reveal DLP or Cososys Endpoint Protector being examples to the two most Mac friendly DLP solutions)

Example of Airdrop (Inbound) telemetry being captured:

Jhonon · ‎07-20-2024

How far back can the contents of AirDrop'd photos, videos, and files be viewed? For example, one month?

garybidwell · ‎07-21-2024

As I said above, only the contents can be captured by a DLP solutions to be viewable (its up to the retention period of the DLP solution on how long they are kept for).

For the file paths and filenames in Jamf Protect (as shown in my screenshot), they will be kept for 12 months or if forwarded to a SIEM, the retention period as set by the SIEM

Jamf Nation Community

AirDropについて