[MacOS] Deny All Bluetooth Devices Except Samsung sample difficulties in working

[peters95]

Hi,

Thanks for reading this issue! Hopefully this is monitored by someone.

TL;DR

Unable to block Bluetooth globally and/or Bluetooth sending files using the sample provided json.

Steps to Repro:

1) Apply the sample for MacOS under:

macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json

e.g. Manual policy apply command:

mdatp config device-control policy set --path macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json

Expected output:

Configuration property updated.

2) Open Bluetooth file exchange app (native macOS app)

3) Select files you desire to transfer

4) Files are successfully transfer to any device

Steps to Repro global exclusion:

1) Download sample under:

macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json

2) Modify settings.features.bluetoothDevice.disable to equal true and set global default enforcement to deny

e.g.

    "settings": {
        "features": {
            "bluetoothDevice": {
                "disable": true
            },
        },
        "global": {
            "defaultEnforcement": "deny"
        },
        "ux": {
            "navigationTarget": "http://www.microsoft.com"
        }
    }

3) Apply the configuration

e.g. Manual policy apply command:

mdatp config device-control policy set --path macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json

Expected output:

Configuration property updated.

4) Open Bluetooth file exchange app (native macOS app)

5) Select files you desire to transfer

6) Files are successfully transfer to any device

Thank you!

[j0shbregman]

What version of MacOS are you seeing this issue?

[j0shbregman]

https://learn.microsoft.com/en-us/defender-endpoint/mac-device-control-overview#known-issues @peters95