Closed peters95 closed 2 months ago
Hi,
Thanks for reading this issue! Hopefully this is monitored by someone.
TL;DR
Unable to block Bluetooth globally and/or Bluetooth sending files using the sample provided json.
Steps to Repro:
1) Apply the sample for MacOS under:
macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
e.g. Manual policy apply command:
mdatp config device-control policy set --path macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
Expected output:
Configuration property updated.
2) Open Bluetooth file exchange app (native macOS app)
3) Select files you desire to transfer
4) Files are successfully transfer to any device
Steps to Repro global exclusion:
1) Download sample under:
2) Modify settings.features.bluetoothDevice.disable to equal true and set global default enforcement to deny
e.g.
"settings": { "features": { "bluetoothDevice": { "disable": true }, }, "global": { "defaultEnforcement": "deny" }, "ux": { "navigationTarget": "http://www.microsoft.com" } }
3) Apply the configuration
4) Open Bluetooth file exchange app (native macOS app)
5) Select files you desire to transfer
6) Files are successfully transfer to any device
Thank you!
What version of MacOS are you seeing this issue?
https://learn.microsoft.com/en-us/defender-endpoint/mac-device-control-overview#known-issues @peters95
Hi,
Thanks for reading this issue! Hopefully this is monitored by someone.
TL;DR
Unable to block Bluetooth globally and/or Bluetooth sending files using the sample provided json.
Steps to Repro:
1) Apply the sample for MacOS under:
macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
e.g. Manual policy apply command:
mdatp config device-control policy set --path macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
Expected output:
Configuration property updated.
2) Open Bluetooth file exchange app (native macOS app)
3) Select files you desire to transfer
4) Files are successfully transfer to any device
Steps to Repro global exclusion:
1) Download sample under:
macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
2) Modify settings.features.bluetoothDevice.disable to equal true and set global default enforcement to deny
e.g.
3) Apply the configuration
e.g. Manual policy apply command:
mdatp config device-control policy set --path macOS/policy/samples/deny_all_bluetooth_devices_except_samsung.json
Expected output:
Configuration property updated.
4) Open Bluetooth file exchange app (native macOS app)
5) Select files you desire to transfer
6) Files are successfully transfer to any device
Thank you!