Intune에 대한 장치 제어 정책의 예
적용 대상:
엔드포인트용 Microsoft Defender를 경험하고 싶으신가요? 무료 평가판을 신청하세요.
이 문서에는 조직에 맞게 사용자 지정할 수 있는 장치 제어 정책의 예가 포함되어 있습니다. 이러한 예제는 Intune을 사용하여 엔터프라이즈에서 장치를 관리하는 경우 적용할 수 있습니다.
모든 이동식 미디어에 대한 액세스 제한
다음 예에서는 모든 이동식 미디어에 대한 액세스를 제한합니다. 정책의 none 최상위 수준에서 적용되는 사용 권한을 참고하십시오. 즉, 모든 파일 작업이 허용되지 않습니다.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>deviceControl</key>
<dict>
<key>removableMediaPolicy</key>
<dict>
<key>enforcementLevel</key>
<string>block</string>
<key>permission</key>
<array>
<string>none</string>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>
모든 이동식 미디어를 읽기 전용으로 설정
다음 예제에서는 모든 이동식 미디어를 읽기 전용으로 구성합니다. 정책의 read 최상위 수준에서 적용되는 사용 권한을 기록해 두면 모든 쓰기 및 실행 작업이 허용되지 않습니다.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>deviceControl</key>
<dict>
<key>removableMediaPolicy</key>
<dict>
<key>enforcementLevel</key>
<string>block</string>
<key>permission</key>
<array>
<string>read</string>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>
이동식 미디어에서 프로그램 실행을 안 하게 합니다.
다음 예제에서는 이동식 미디어에서 프로그램 실행을 금지할 수 있는 방법을 보여줍니다. read 정책의 write 최상위 수준에서 적용되는 사용 권한에 유의합니다.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>deviceControl</key>
<dict>
<key>removableMediaPolicy</key>
<dict>
<key>enforcementLevel</key>
<string>block</string>
<key>permission</key>
<array>
<string>read</string>
<string>write</string>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>
특정 공급업체의 모든 장치 제한
다음 예에서는 및 로 식별된 특정 공급업체의 모든 장치를 제한합니다4525.fff0 정책의 최상위 수준에 정의된 권한이 모든 사용 권한(읽기, 쓰기 및 실행)을 나열하기 때문에 다른 모든 장치는 제한되지 않습니다.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>deviceControl</key>
<dict>
<key>removableMediaPolicy</key>
<dict>
<key>enforcementLevel</key>
<string>block</string>
<key>permission</key>
<array>
<string>read</string>
<string>write</string>
<string>execute</string>
</array>
<key>vendors</key>
<dict>
<key>fff0</key>
<dict>
<key>permission</key>
<array>
<string>none</string>
</array>
</dict>
<key>4525</key>
<dict>
<key>permission</key>
<array>
<string>none</string>
</array>
</dict>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>
공급업체 ID, 제품 ID 및 일련 번호로 식별되는 특정 장치 제한
다음 예에서는 공급업체 ID, 제품 ID fff0``1000및 일련 번호 및 로 식별되는 두 개의 특정 장치를 제한 04ZSSMHI2O7WBVOA 합니다04ZSSMHI2O7WBVOB. 정책의 다른 모든 수준에서 사용 권한에는 가능한 모든 값(읽기, 쓰기 및 실행)이 포함됩니다. 즉, 다른 모든 디바이스는 제한되지 않습니다.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>deviceControl</key>
<dict>
<key>removableMediaPolicy</key>
<dict>
<key>enforcementLevel</key>
<string>block</string>
<key>permission</key>
<array>
<string>read</string>
<string>write</string>
<string>execute</string>
</array>
<key>vendors</key>
<dict>
<key>fff0</key>
<dict>
<key>permission</key>
<array>
<string>read</string>
<string>write</string>
<string>execute</string>
</array>
<key>products</key>
<dict>
<key>1000</key>
<dict>
<key>permission</key>
<array>
<string>read</string>
<string>write</string>
<string>execute</string>
</array>
<key>serialNumbers</key>
<dict>
<key>04ZSSMHI2O7WBVOA</key>
<array>
<string>none</string>
</array>
<key>04ZSSMHI2O7WBVOB</key>
<array>
<string>none</string>
</array>
</dict>
</dict>
</dict>
</dict>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>