05-02-2024 03:34 PM - edited 05-03-2024 10:29 AM
JumpCloud is thrilled to announce the return of USB Blocking on macOS, starting today! This crucial technology represents a step forward for JumpCloud through implementing Endpoint Security framework from Apple to provide responsible blocking for storage devices, and paving the way for future security improvements. Admins can now block external storage volumes connected over USB, Thunderbolt, or even SD Card readers with one simple policy, powered by the JumpCloud Agent and controlled over MDM.
This key advance in JumpCloud’s functionality is available immediately.
End users who connect an external storage device to a Mac with a USB External Storage Restriction Policy bound will not be able to mount any volumes from the device in the Finder, or via the command line. Devices that are not storage devices will continue to work as they have previously, so external keyboards and mice, as well as other control and input devices, will continue to work as usual.
Every environment is different, and every organization needs to protect the data that they collect to make sure that it doesn’t leave where it’s permitted to be. In some organizations, that data can include payment card information, personally identifiable information, or even medical records and other similarly sensitive data. The cost of data compromises like this can be substantial, from regulatory fees to insurance costs to lost customers and lost trust.
For those that want to set this up immediately, this functionality is available in version 1.188.0 of the Agent. It is controlled through an MDM policy in the Mac USB External Storage Restriction Policy available today!
This functionality works on all supported versions of macOS at JumpCloud.
We’re very excited to put this key security control back in the hands of JumpCloud admins, and can’t wait to hear your feedback.
What kind of USB Devices are blocked with this policy?
This policy applies to attached storage volumes only. Storage volumes include thumb or jump drives, backup hard drives, externally attached storage arrays, and other disk interfaces.
What happens if you try to connect a keyboard or mouse to a device that has this policy?
Interface devices, like keyboards, mice, trackpads, printers, and scanners are not affected by this policy, and will connect as normal.
If a USB device is connected when this policy is activated, what happens?
Any drive that is attached when this policy is activated will stay mounted until the drive is removed, or the system is restarted.
If a USB device is connected and disregarded while this policy is activated, what happens when the policy is deactivated?
Nothing, until the volume is manually mounted, the disk detached and reattached, or the device restarted.
Where can I read more about this?
We've published a Help Center Article on Creating Mac USB External Storage Restriction Policies
05-02-2024 04:19 PM
Interesting! It's great support for organizations to remove their security tools used solely for USB blocking.
05-02-2024 05:15 PM
Great work team!! Love the notification upgrades too!
05-03-2024 03:44 AM
Can I exclude specific USBs? You know every device has on ID. I want to give the user a specific usb and I want to exclude it from this policy. So the user can use only a specific one safely.
05-07-2024 10:20 AM
Hi @yabagay we can't do that right now but it would make a great feature request. 🙂
05-23-2024 08:52 AM
Hi,
I understand that jumpcloud currently does not have the feature of displaying alert messages in the console when an USB is connected. Could you please state the reason for it?
05-27-2024 09:30 AM
Hi @prasannamani there are several features that are requested and prioritized based on multiple factors. It would be best to submit a feature request for this.
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.