deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 03:43:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Style

Browse Source
This commit is contained in:
Tudor Dobrila
2021-02-19 23:31:32 -08:00
parent 9b802d9e9c
commit 5eed901934
4 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/TOC.md
View File

@ -257,7 +257,6 @@
###### [Overview](microsoft-defender-atp/mac-device-control-overview.md) ###### [Overview](microsoft-defender-atp/mac-device-control-overview.md)
###### [JAMF examples](mac-device-control-jamf.md) ###### [JAMF examples](mac-device-control-jamf.md)
###### [Intune examples](mac-device-control-intune.md) ###### [Intune examples](mac-device-control-intune.md)
##### [Schedule scans](microsoft-defender-atp/mac-schedule-scan-atp.md) ##### [Schedule scans](microsoft-defender-atp/mac-schedule-scan-atp.md)
#### [Troubleshoot]() #### [Troubleshoot]()

6
windows/security/threat-protection/microsoft-defender-atp/mac-device-control-intune.md
View File

@ -33,7 +33,7 @@ ms.technology: mde
> [!IMPORTANT] > [!IMPORTANT]
> **Device control for macOS is currently in public preview**<br> > **Device control for macOS is currently in public preview**<br>
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. > This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). > See [Microsoft Defender for Endpoint preview features](preview.md) for more information.
This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using Intune to manage your enterprise. This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using Intune to manage your enterprise.
@ -238,7 +238,7 @@ The following example shows how program execution from removable media can be di
## Restrict all devices from specific vendors ## Restrict all devices from specific vendors
The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). Note that all other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). All other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute).
```xml ```xml
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
@ -323,7 +323,7 @@ The following example restricts all devices from specific vendors (in this case
## Restrict specific devices identified by vendor ID, product ID, and serial number ## Restrict specific devices identified by vendor ID, product ID, and serial number
The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. Note that at all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. At all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted.
```xml ```xml
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>

6
windows/security/threat-protection/microsoft-defender-atp/mac-device-control-jamf.md
View File

@ -33,7 +33,7 @@ ms.technology: mde
> [!IMPORTANT] > [!IMPORTANT]
> **Device control for macOS is currently in public preview**<br> > **Device control for macOS is currently in public preview**<br>
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. > This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). > See [Microsoft Defender for Endpoint preview features](preview.md) for more information.
This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using JAMF to manage your enterprise. This document contains examples of device control policies that you can customize in your own organization. These examples are applicable if you are using JAMF to manage your enterprise.
@ -115,7 +115,7 @@ The following example shows how program execution from removable media can be di
## Restrict all devices from specific vendors ## Restrict all devices from specific vendors
The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). Note that all other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute). The following example restricts all devices from specific vendors (in this case identified by `090c` and `8068`). All other devices will be unrestricted, since the permission defined at the top level of the policy lists all possible permissions (read, write, and execute).
```xml ```xml
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -159,7 +159,7 @@ The following example restricts all devices from specific vendors (in this case
## Restrict specific devices identified by vendor ID, product ID, and serial number ## Restrict specific devices identified by vendor ID, product ID, and serial number
The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. Note that at all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted. The following example restricts two specific devices, identified by vendor ID `090c`, product ID `1000`, and serial numbers `04ZSSMHI2O7WBVOA` and `04ZSSMHI2O7WBVOB`. At all other levels of the policy the permissions include all possible values (read, write, and execute), meaning that all other devices will be unrestricted.
```xml ```xml
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>

16
windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md
View File

@ -33,7 +33,7 @@ ms.technology: mde
> [!IMPORTANT] > [!IMPORTANT]
> **Device control for macOS is currently in public preview**<br> > **Device control for macOS is currently in public preview**<br>
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. > This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
> For more information, see [Microsoft Defender for Endpoint preview features](preview.md). > See [Microsoft Defender for Endpoint preview features](preview.md) for more information.
## Requirements ## Requirements
@ -88,7 +88,7 @@ The device control policy can be used to:
### Customize URL target for notifications raised by device control ### Customize URL target for notifications raised by device control
When the device control policy that you have put in place is enforced on a device (*e.g.* access to a removable media device is restricted), a notification is displayed to the user. When the device control policy that you have put in place is enforced on a device (for example, access to a removable media device is restricted), a notification is displayed to the user.
![Device control notification](images/mac-device-control-notification.png) ![Device control notification](images/mac-device-control-notification.png)
@ -132,13 +132,13 @@ This section of the policy is hierarchical, allowing for maximum flexibility and
For information on how to find the device identifiers, see [Look up device identifiers](#look-up-device-identifiers). For information on how to find the device identifiers, see [Look up device identifiers](#look-up-device-identifiers).
The policy is evaluated from the most specific entry to the most general one. In other words, the product tries to find the most specific match in the policy for each removable media device and apply the permissions at that level. If there is no match, then the next best match is applied, all the way to the permission specified at the top-level, which is the default when a device does not match any other entry. The policy is evaluated from the most specific entry to the most general one. In other words, the product tries to find the most specific match in the policy for each removable media device and apply the permissions at that level. If there is no match, then the next best match is applied, all the way to the permission specified at the top level, which is the default when a device does not match any other entry.
#### Policy enforcement level #### Policy enforcement level
Under the removable media section, there is an option to set the enforcement level, which can take one of the following values: Under the removable media section, there is an option to set the enforcement level, which can take one of the following values:
- `audit` - Under this enforcement level, if access to a device is restricted, a notification is displayed to the user, however the device can still be used. This can be useful to evaluate the effectiveness of a policy. - `audit` - Under this enforcement level, if access to a device is restricted, a notification is displayed to the user, however the device can still be used. This enforcement level can be useful to evaluate the effectiveness of a policy.
- `block` - Under this enforcement level, the operations that the user can perform on the device are limited to what is defined in the policy. Furthermore, a notification is raised to the user. - `block` - Under this enforcement level, the operations that the user can perform on the device are limited to what is defined in the policy. Furthermore, a notification is raised to the user.
||| |||
@ -155,7 +155,7 @@ At the top level of the removable media section, you can configure the default p
This setting can be set to: This setting can be set to:
- `none` - no operations can be performed against the device - `none` - no operations can be performed against the device
- A combination of the following: - A combination of the following values:
- `read` - Read operations are permitted on the device - `read` - Read operations are permitted on the device
- `write` - Write operations are permitted on the device - `write` - Write operations are permitted on the device
- `execute` - Execute operations are permitted on the device - `execute` - Execute operations are permitted on the device
@ -290,7 +290,7 @@ We have included more examples of device control policies in the following docum
#### Look up device identifiers #### Look up device identifiers
To find the vendor ID, product ID, and serial number of a USB device, do the following: To find the vendor ID, product ID, and serial number of a USB device:
1. Log into a Mac device. 1. Log into a Mac device.
1. Plug in the USB device for which you want to look up the identifiers. 1. Plug in the USB device for which you want to look up the identifiers.
@ -310,11 +310,11 @@ To find the vendor ID, product ID, and serial number of a USB device, do the fol
![Details of a USB device](images/mac-device-control-lookup-4.png) ![Details of a USB device](images/mac-device-control-lookup-4.png)
1. The vendor ID, product ID, and serial number are displayed. Note that when adding the vendor ID and product ID to the removable media policy, you should only add the part after `0x`. For example, in the below image, vendor ID is `1000` and product ID is `090c`. 1. The vendor ID, product ID, and serial number are displayed. When adding the vendor ID and product ID to the removable media policy, you should only add the part after `0x`. For example, in the below image, vendor ID is `1000` and product ID is `090c`.
#### Discover USB devices in your organization #### Discover USB devices in your organization
You can view mount, unmount, and volume change events originating from USB devices in Microsoft Defender for Endpoint advanced hunting. This can be helpful to identify suspicious usage activity or perform internal investigations. You can view mount, unmount, and volume change events originating from USB devices in Microsoft Defender for Endpoint advanced hunting. These events can be helpful to identify suspicious usage activity or perform internal investigations.
``` ```
DeviceEvents DeviceEvents