Controlling External Device =========================== - External devices are all devices that can be connected to the macOS system. - You can control an external device by disabling or removing the external device so that it can request approval for a set period of time. Step 1. Create Device Group --------------------------- - A device group is a function that defines a set of devices required for control. It can be used for blocking or exception on the policy. #. Go to **Policy** in the top panel. #. Go to **External Device Group** in the left Policy panel. #. Click **Tasks > Create.** #. Find **General** section enter unique **ID name.** (*e.g. "USB Storage Devices"*) #. Select **OS Type > macOS** in Device Group Setting section. #. Click *Conditions > Add** and select **Device Name** to control. #. Find **Settings** section enter the following: #. If the deivce type is USB Disk, you can specify following information. - **USB Vendor**: Specify USB Vendor name. - **USB Model**: Specify USB Model name. - **USB Serial No.**: Specify USB Serial Number. .. note:: Conditions must be defined in accordance with the language settings of the endpoints operating system. #. Click **Add.** #. Click **Save.** Step 2. Create External Device Policy ------------------------------------- + Control External Device Policy defines the device groups to block or allow the target to perform device control. + When the plugin is uploaded, the device policy for the basic output device is provided as a template. (Device Control Policy ID: Data Prevention) #. Go to **Policy** in the top panel. #. Go to **Policy > External Device Policy** in the left Policy panel. #. Click **Tasks > Create** #. Find **General** section enter unique **ID name.** (*e.g. "USB Storage Policy"*) #. Find **Node Group** section click **Assign** and choose **Node Group** #. Find **External Devices** section click **Assign** and choose **USB Storage Devices.** (You can select **Default Device Group** below.) #. Click **Save.** #. Click **Apply.** **External Device Exceptions :** +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **Bluetooth Tethering** |- Network adapters that connects Android or iPhone via Bluetooth | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **CD/DVD** |- Devices in CD-ROM Drive Class | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **Local Printer** |- Printer connected directly to local PC | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **USB Disk** |- USB type storage device (system profiler's SPUSBDataType information) | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **USB Network Adapter** |- Network adapter connected via a USB port | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ | **USB Tethering** |- Network adapter connected via USB cable to the mobile device (network's hardward port is iPhone USB) | | |- Android cannot connect to macOS via USB Tethering | +------------------------------+-----------------------------------------------------------------------------------------------------------------+ #. Click the **Create** button. Step 3. Configure Control External Device Plugin ------------------------------------------------ #. Go to **Policy** in the top panel. #. Go to **Policy > Node Policy > Agent Action** in the left Policy panel. #. Find and click **Control External Device.** #. Find **Agent Action > Control Methods** section and choose to **Disable** or **Uninstall.** #. Click **Update.** Step 4. Enable Agent Action on Node Policy ------------------------------------------ #. Go to **Policy** in the top panel. #. Go to **Policy > Node Policy** in the left Policy panel. #. Click the **desired Policy ID** in Node Policy window. #. Find **Agent Action**. Click **Assign.** #. Find **Control External Device** in the **Available** section. Select and drag it into the **Selected** section. #. Click **Add.** #. Click **Update.**