Microsoft boosts enterprise Mac security in Defender update
Microsoft continues to develop its presence on the Mac, with improvement following improvement for the platform, now it has published an important preview update for Mac users who employ Microsoft Defender for Endpoint on their machines, ushering in better security for USB devices.
Secure the endpoints!
Security around USB devices is one of the more fragile elements of enterprise security, so it’s good that Microsoft has taken steps to toughen this, particularly in an era defined by remote working.
As anyone reading this far will know, Defender for Endpoint is Microsoft’s enterprise security solution that works to defend against vulnerabilities, limit the available attack surface and centralize endpoint security management.
The update addresses a specific problem in that many of us just plug USB devices into our systems without considering any risk. What it does is provide controls that can be used centrally to make sure that only recognised and approved devices can be used to store data thanks to the Audit and Block enforcement.
This includes controlled access and policies which direct people inserting one of these sticks company defined URLs. These could contain policy agreements and more.
NeoWin explains the solution extends to control around USB device vendors and serial numbers, so if a USB device is not from a supported vendor and its serial number is not within a stated range (bona fide users can register their USB device in advance), then access is denied. Which in plain English means no one can steal data from your company via that storage device.
Microsoft explains that access level is controlled through custom policies.
- The capability supports Audit and Block enforcement levels.
- USB device access can be set to Read, Write, Execute, No access.
- To achieve a high degree of granularity, USB access level can be specified for Product ID, Vendor ID, and Serial Number.
- The custom policy allows customization of the URL where user is redirected to when interacting with an end user facing “device restricted” notification.
USB device control policies can be deployed using , Intune, and manual deployment. To experience the USB storage device control for Mac capability in public preview, you’ll need to have preview features turned on in the Microsoft Defender Security Center. macOS Catalina 10.15.4+ is required.
Additional features in the preview include web content filtering, device health and compliance reporting and enhanced information protection. The protection is explained in far more depth here and here.