Controlling External Device

  • External devices are all devices that can be connected to the macOS system.
  • You can control an external device by disabling or removing the external device so that it can request approval for a set period of time.

Step 1. Create Device Group

  • A device group is a function that defines a set of devices required for control. It can be used for blocking or exception on the policy.

  1. Go to Policy in the top panel.

  2. Go to External Device Group in the left Policy panel.

  3. Click Tasks > Create.

  4. Find General section enter unique ID name. (e.g. "USB Storage Devices")

  5. Select OS Type > macOS in Device Group Setting section.

  6. Click Conditions > Add* and select Device Name to control.

  7. Find Settings section enter the following:

  8. If the deivce type is USB Disk, you can specify following information in Conditions.

    • Vendor: Specify USB Vendor name.
    • Model: Specify USB Model name.
    • Serial No.: Specify USB Serial Number.

  9. If the deivce type is a CD/DVD, Printer, USB Tethering or USB LanAdapter, you can specify following information in Conditions.

    • Model: Specify the Model name.

    Note

    Conditions must be defined in accordance with the language settings of the endpoints operating system.

  10. Click Add.

  11. Click Save.

Step 2. Create External Device Policy

  • Control External Device Policy defines the device groups to block or allow the target to perform device control.
  • When the plugin is uploaded, the device policy for the basic output device is provided as a template. (Device Control Policy ID: Data Prevention)
  1. Go to Policy in the top panel.
  2. Go to Policy > External Device Policy in the left Policy panel.
  3. Click Tasks > Create
  4. Find General section enter unique ID name. (e.g. "USB Storage Policy")
  5. Find Node Group section click Assign and choose Node Group
  6. Find External Devices section click Assign and choose USB Storage Devices. (You can select Default Device Group below.)
  7. Click Save.
  8. Click Apply.

External Device Exceptions :

Bluetooth Tethering
  • Network adapters that connects Android or iPhone via Bluetooth
CD/DVD
  • Devices in CD-ROM Drive Class
Local Printer
  • Printer connected directly to local PC
USB Disk
  • USB type storage device (system profiler's SPUSBDataType information)
USB Network Adapter
  • Network adapter connected via a USB port
USB Tethering
  • Network adapter connected via USB cable to the mobile device (network's hardward port is iPhone USB)
  • Android cannot connect to macOS via USB Tethering
  1. Click the Create button.

Step 3. Configure Control External Device Plugin

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy > Agent Action in the left Policy panel.
  3. Find and click Control External Device.
  4. Find Agent Action > Control Methods section and choose to Disable or Uninstall.
  5. Click Update.

Step 4. Enable Agent Action on Node Policy

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy in the left Policy panel.
  3. Click the desired Policy ID in Node Policy window.
  4. Find Agent Action. Click Assign.
  5. Find Control External Device in the Available section. Select and drag it into the Selected section.
  6. Click Add.
  7. Click Update.