Controlling External Device

  • External devices are all devices that can be connected to the macOS system.
  • You can control an external device by disabling or removing the external device so that it can request approval for a set period of time.

Step 1. Create Device Group

  • A device group is a function that defines a set of devices required for control. It can be used for blocking or exception on the policy.

  1. Go to Policy in the top panel.

  2. Go to External Device Group in the left Policy panel.

  3. Click Tasks > Create.

  4. Find General section enter unique ID name. (e.g. "USB Storage Devices")

  5. Select OS Type > macOS in Device Group Setting section.

  6. Click Conditions > Add* and select Device Name to control.

  7. Find Settings section enter the following:

  8. If the deivce type is USB Disk, you can specify following information.

    • USB Vendor: Specify USB Vendor name.
    • USB Model: Specify USB Model name.
    • USB Serial No.: Specify USB Serial Number.

    Note

    Conditions must be defined in accordance with the language settings of the endpoints operating system.

  9. Click Add.

  10. Click Save.

Step 2. Create External Device Policy

  • Control External Device Policy defines the device groups to block or allow the target to perform device control.
  • When the plugin is uploaded, the device policy for the basic output device is provided as a template. (Device Control Policy ID: Data Prevention)
  1. Go to Policy in the top panel.
  2. Go to Policy > External Device Policy in the left Policy panel.
  3. Click Tasks > Create
  4. Find General section enter unique ID name. (e.g. "USB Storage Policy")
  5. Find Node Group section click Assign and choose Node Group
  6. Find External Devices section click Assign and choose USB Storage Devices. (You can select Default Device Group below.)
  7. Click Save.
  8. Click Apply.

External Device Exceptions :

  1. Click the Create button.

Step 3. Configure Control External Device Plugin

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy > Agent Action in the left Policy panel.
  3. Find and click Control External Device.
  4. Find Agent Action > Control Methods section and choose to Disable or Uninstall.
  5. Click Update.

Step 4. Enable Agent Action on Node Policy

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy in the left Policy panel.
  3. Click the desired Policy ID in Node Policy window.
  4. Find Agent Action. Click Assign.
  5. Find Control External Device in the Available section. Select and drag it into the Selected section.
  6. Click Add.
  7. Click Update.