Microsoft Defender for Endpoint is the company's enterprise security solution to detect and mitigate vulnerabilities, reduce the potential attack surface, and simplify endpoint security management centrally. The service is cross-platform and provides security capabilities across Windows, macOS, Linux servers, and Android. Now, the firm has updated its macOS solution to offer better and more granular controls for USB devices.
Microsoft has noted that many end users in organizations simply plug in USB devices on their enterprise machines without considering potential risks. To reduce this attack surface, the company is now offering a public preview of USB storage device control for Mac, which essentially aids organizations in reducing this attack surface and mitigating data loss and malware.
This is done by supporting "Audit and Block" enforcement capabilities, controlling access for specific USB devices, and custom policies that can be set to redirect users to specific URLs when they plug in a restricted device. This is further enforced by having hierarchical custom policies containing vendors, products, and serial numbers. If a USB device does not reside in any of these nested entries, their access is defaulted to the top level permission for the organization. Custom queries can also be written by IT admins to identify USB events on a more granular scale.
USB storage device control for Defender on Endpoint for Mac is available in public preview today. IT admins can opt in to preview features as per the documentation here, and find out more about the specific feature here.