Deploy and manage Device Control using Intune
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
- Microsoft Defender for Business
The Microsoft Defender for Endpoint Device Control feature enables you to audit, allow, or prevent read, write, or execute access to removable storage, and lets you manage iOS and portable devices and Bluetooth media, with or without exclusions.
Before you get started with Removable Storage Access Control, you must confirm your Microsoft 365 subscription. To access and use Removable Storage Access Control, you must have Microsoft 365 E3.
Deploy policy by using Intune
Step 1: Build mobileconfig file
Now that you have 'groups', 'rules', and 'settings', replace the corresponding values in the mobileconfig file with them and put the policy under the Device Control node. Here is the demo file: mdatp-devicecontrol/demo.mobileconfig at main - microsoft/mdatp-devicecontrol (github.com). Make sure to validate your policy against the JSON schema to confirm that its format is correct: mdatp-devicecontrol/device_control_policy_schema.json at main - microsoft/mdatp-devicecontrol (github.com).
See Device Control for macOS for information about settings, rules and groups.
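A structural pre-check to run on the built file before upload, as an added example that is not part of Microsoft's documentation or repository. It confirms that the mobileconfig parses as a plist and that the embedded policy carries the 'groups', 'rules' and 'settings' sections; it does not replace validation against the JSON schema. The key names `deviceControl` and `policy`, and the idea that the policy may be stored as a JSON string, are assumptions about the profile layout and can be overridden through the function parameters.

```python
import json
import plistlib

REQUIRED_SECTIONS = ("groups", "rules", "settings")  # section names used on this page

def find_key(node, key):
    """Depth-first search of a parsed plist for the first value stored under `key`."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def check_mobileconfig(data, node_key="deviceControl", policy_key="policy"):
    """Return a list of problems; an empty list means the pre-check passed.
    node_key / policy_key are assumed names, not taken from the page."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # malformed XML or unrecognised plist format
        return [f"not a valid plist: {exc}"]
    node = find_key(profile, node_key)
    if node is None:
        return [f"no '{node_key}' node in profile"]
    policy = node.get(policy_key, node) if isinstance(node, dict) else node
    if isinstance(policy, str):  # policy embedded as a JSON string
        try:
            policy = json.loads(policy)
        except json.JSONDecodeError as exc:
            return [f"policy is not valid JSON: {exc}"]
    if not isinstance(policy, dict):
        return ["policy is not a JSON object"]
    return [f"missing section '{s}'" for s in REQUIRED_SECTIONS if s not in policy]

def build_sample(policy):
    """Constructed sample profile for the demo below; not the real demo.mobileconfig."""
    payload = {"deviceControl": {"policy": json.dumps(policy)}}
    return plistlib.dumps({"PayloadContent": [payload]})

if __name__ == "__main__":
    print(check_mobileconfig(build_sample({"groups": [], "rules": [], "settings": {}})))
    print(check_mobileconfig(build_sample({"groups": [], "rules": []})))
```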
Deploy the mobileconfig file using Intune
You can deploy the mobileconfig file through https://endpoint.microsoft.com/ > Devices > macOS:
- Select 'Create profile'
- Select 'Templates' and 'Custom'
See also
- Device Control for macOS
- Deploy and manage Device Control using Jamf
- macOS Device Control frequently asked questions (FAQ)