JSON Policy Examples needed for group to represent multiple removable media device serial numbers
jbutleru47 opened this issue · 4 comments
Though the examples so far are great for one-offs, a real-world example is needed for a JSON policy for device control that represents a group listing multiple serial numbers. As such a list would be updated frequently to add more serial numbers for approved devices, it would be optimum to have an example to follow, as building a working JSON is complex. I have contacted Microsoft support and they were unwilling to help as it was not a break/fix situation, thus I am looking here for assistance that I'm sure will help others.
The above issue is for macOS.
@jbutleru47 I love the idea of creating an end-to-end example. My questions are:
- What permissions (RWX) do the devices on the "approved list" have?
- What permissions (RWX) do the devices that are not on the "approved list" have?
@j0shbregman Thanks for the reply. Devices on the "approved list" (based on serial number) have full RWX permissions; everything else (not on the approved list) does not have any RWX permissions.
Here's an example of a DC JSON for an approved list of Multiple Serial Numbers for removable devices:
```json
{
  "groups": [
    {
      "$type": "device",
      "id": "04B91BD0-0806-458E-837C-CA3B919605AF",
      "name": "All Removable Media Devices",
      "query": {
        "$type": "all",
        "clauses": [
          {
            "$type": "primaryId",
            "value": "removable_media_devices"
          }
        ]
      }
    },
    {
      "$type": "device",
      "id": "1F4E9407-2CD3-4E4D-9DF3-210BA488761E",
      "name": "Exclude Approved Serial Numbers",
      "query": {
        "$type": "and",
        "clauses": [
          {
            "$type": "primaryId",
            "value": "removable_media_devices"
          },
          {
            "$type": "or",
            "clauses": [
              {
                "$type": "serialNumber",
                "value": "60A44C413841F160799200C9"
              },
              {
                "$type": "serialNumber",
                "value": "NAC36Q6M"
              }
            ]
          }
        ]
      }
    }
  ],
  "rules": [
    {
      "id": "33AC33F1-CCCE-4452-B874-E9F6C6580FBB",
      "name": "Deny RWX to all Removable Media Devices except approved serial numbers",
      "includeGroups": [
        "04B91BD0-0806-458E-837C-CA3B919605AF"
      ],
      "excludeGroups": [
        "1F4E9407-2CD3-4E4D-9DF3-210BA488761E"
      ],
      "entries": [
        {
          "$type": "removableMedia",
          "id": "AEA40A77-9C16-4DC5-945D-704F2BDE9550",
          "enforcement": {
            "$type": "deny"
          },
          "access": [
            "read",
            "write",
            "execute"
          ]
        },
        {
          "$type": "removableMedia",
          "id": "495A6B6C-F0C8-4B5B-B2F7-AF5B173092DA",
          "enforcement": {
            "$type": "auditDeny",
            "options": [
              "send_event",
              "show_notification"
            ]
          },
          "access": [
            "read",
            "write",
            "execute"
          ]
        }
      ]
    }
  ],
  "settings": {
    "features": {
      "removableMedia": {
        "disable": false
      }
    },
    "global": {
      "defaultEnforcement": "allow"
    },
    "ux": {
      "navigationTarget": "https://www.microsoft.com"
    }
  }
}
```
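Because the approved list is edited often, the Python below (an added example, not Microsoft's or this repository's code) generates a policy with exactly the shape posted above from a plain list of serial numbers and checks that every group GUID a rule references is actually defined, which is the usual hand-editing mistake. The function names are my own; the structure assumes the posted JSON is a valid macOS device-control policy.

```python
"""Added example (not Microsoft's code): build and sanity-check a macOS Defender
device-control policy denying RWX on removable media except approved serials."""
import uuid

RWX = ["read", "write", "execute"]
REMOVABLE = {"$type": "primaryId", "value": "removable_media_devices"}

def _gid():
    return str(uuid.uuid4()).upper()  # fresh GUID for every group/rule/entry id

def build_policy(approved_serials, nav_url="https://www.microsoft.com"):
    """Same shape as the JSON above; serials are stripped and de-duplicated."""
    serials = sorted({s.strip() for s in approved_serials if s.strip()})
    if not serials:
        raise ValueError("approved serial list is empty")
    all_id, approved_id = _gid(), _gid()
    groups = [
        {"$type": "device", "id": all_id, "name": "All Removable Media Devices",
         "query": {"$type": "all", "clauses": [REMOVABLE]}},
        {"$type": "device", "id": approved_id, "name": "Exclude Approved Serial Numbers",
         "query": {"$type": "and", "clauses": [REMOVABLE, {"$type": "or", "clauses": [
             {"$type": "serialNumber", "value": s} for s in serials]}]}}]
    rule = {"id": _gid(), "includeGroups": [all_id], "excludeGroups": [approved_id],
            "name": "Deny RWX to all Removable Media Devices except approved serial numbers",
            "entries": [
                {"$type": "removableMedia", "id": _gid(), "access": RWX,
                 "enforcement": {"$type": "deny"}},
                {"$type": "removableMedia", "id": _gid(), "access": RWX,
                 "enforcement": {"$type": "auditDeny",
                                 "options": ["send_event", "show_notification"]}}]}
    return {"groups": groups, "rules": [rule],
            "settings": {"features": {"removableMedia": {"disable": False}},
                         "global": {"defaultEnforcement": "allow"},
                         "ux": {"navigationTarget": nav_url}}}

def check_policy(policy):
    """Return problems: duplicate group ids or rules referencing unknown group ids."""
    ids = [g["id"] for g in policy["groups"]]
    problems = [f"duplicate group id {i}" for i in set(ids) if ids.count(i) > 1]
    for rule in policy["rules"]:
        for ref in rule.get("includeGroups", []) + rule.get("excludeGroups", []):
            if ref not in ids:
                problems.append(f"rule {rule['name']!r} references unknown group {ref}")
    return problems

def approved_serials(policy):  # recover the list, e.g. to diff two policy revisions
    return sorted(c["value"] for g in policy["groups"] for cl in g["query"]["clauses"]
                  for c in cl.get("clauses", []) if c.get("$type") == "serialNumber")
```

Write the result with `json.dumps(build_policy(serials), indent=2)` and run `check_policy` on any hand-edited file before deploying it.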