What's new in Jamf Protect

michael_devins
Contributor II
Contributor II

Today, we released a new feature: Removable Storage Controls

 

Jamf Protect administrators can now manage or prevent the use of removable storage devices to protect against accidental data loss and unauthorized access. For example, USB devices can be restricted or allowed based upon encryption status, vendor ID, product ID or device serial number.
 
Administrators can configure Removable Storage Control Sets to apply increasingly granular rules applied to all removable storage devices, as well as allow use of specific devices with optional overrides. End users will see a popup alert if they attempt to connect a restricted device.
 
 
Note: This feature is only available for computers with macOS 10.15 or later.
 
Also included in this release is agent 3.2.0, which resolves the following:
  • Users can no longer uninstall Jamf Protect from computers without using the uninstall  package.
  • The USBInserted event now correctly reports on computers with macOS 12.
  • Threat Prevention and Custom Prevent matches are now properly quarantined if translocated.
For additional details about this release, see the Jamf Protect Release Notes at https://docs.jamf.com/jamf-protect/documentation/Release_History.html.
5 REPLIES 5

nwiseman
Contributor

This is fantastic and we're already testing it out. One thing we noticed is that the Card Reader doesn't fall under the same restriction. I've created this feature request. JN-I-25955


PAR35H
New Contributor

Wow That's Incredible and very useful in Corporate IT Asset Management.

cpresnall
Contributor

Has the removable storage restriction been updated to ignore .dmg files and only target the physically removable storage with this change?

KariL
New Contributor III
New Contributor III

We ignore disk images, including .dmg files.

DTB_Kirky
New Contributor III

Hi, I’ve just added Protect to our Jamf Pro and testing the ‘Removeable Storage Control’ to be Read-only unless usb drive is encrypted.  This works ok, but I can then decrypt the drive and continue to write to the drive?  Does the policy only detect the drive when inserted into Mac?