
I would like to find out what policies were deployed to my private Mac that I enrolled under Intune in order to read work email. The Microsoft Content Filter is running under network properties - I would like to know:

  1. Where are the policies stored locally?
  2. What policies were deployed - are they only blocking some websites (get a list) or are they sending every webpage I visit back?
  3. What server(s) are configured to use these reports?

I am sure there is a config file somewhere, but I could not find it.

Thx!

TomEus
  • Have you asked your IT Administrator? – Ramhound Jun 09 '21 at 10:10
  • Yes and guess what - "we do not share our policies for security reason". Even if they told me, I don't like having a black box, would like to verify their statements by looking at the configs. – TomEus Jun 09 '21 at 17:57
  • The list of possible compliance changes is reasonably [small](https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-mac-os) – Ramhound Jun 09 '21 at 21:28
  • That list is not great, what I would like to know is if they collect every visited website, what is the list of the blocked websites, where is the data being sent i.e. domain of the employer or a 3rd party etc. – TomEus Jun 10 '21 at 19:03
  • A large part of that information is likely not even stored on your computer. – harrymc Jun 11 '21 at 07:41
  • @TomEus The policies are stored in the payload configured in your device profile. Go to 'System Preferences' and click on 'Profiles', you will see any device, user or management profiles listed there. You will not be able to change any config setting if that's what you were hoping to do. If you find that a lot of sites are blocked, then most likely they have deployed a white list of sites, so anything not on the list is blocked. That would be how they control site access. There would of course be logs generated that list the sites you attempted to access, admins could look if required. – NetServOps Jun 15 '21 at 05:55

1 Answer

#1 The documentation does talk about a config .plist file but then all the examples show .xml files. So you are looking for those two extensions.

There is a good list of information that is shared in their privacy policy.

I would check under /Library/Managed Preferences for anything named mdatp especially .plist and .xml files.

#2 The deployment guide shows profiles visible here: [image]

#3 The web filtering rules are processed in the cloud. This means that every URL is sent to Azure to check against live block lists. You should assume that this information is available to Azure administrators if they want to see it. This blog shows you an example of what admins can see.

HackSlash
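An added example, not part of the answer above and not Microsoft's tooling: a Python script that reads every .plist/.xml property list under /Library/Managed Preferences (the directory named in the answer), prints each setting, and flags values that look like a remote endpoint. It looks at all files rather than only those named mdatp, and the endpoint heuristic (key names containing url, server, host, proxy or endpoint, or a value containing ://) is an assumption of this example.

```python
import plistlib
import re
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

MANAGED_PREFS = Path("/Library/Managed Preferences")  # directory named in the answer
EXTENSIONS = {".plist", ".xml"}
# Heuristic assumed for this example: key names that usually hold a remote endpoint.
ENDPOINT_KEY = re.compile(r"url|server|host|proxy|endpoint", re.I)

def flatten(value, prefix=""):
    """Yield (key_path, leaf_value) pairs for nested plist dicts and arrays."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from flatten(child, f"{prefix}[{index}]")
    else:
        yield prefix, value

def load_settings(directory=MANAGED_PREFS):
    """Map each parseable property list under `directory` to its flattened settings."""
    settings = {}
    for path in sorted(Path(directory).rglob("*")):
        if path.suffix.lower() not in EXTENSIONS or not path.is_file():
            continue
        try:
            with path.open("rb") as handle:
                data = plistlib.load(handle)  # accepts XML and binary plists
        except (ValueError, OSError, ExpatError):
            continue  # unreadable, or not a property list
        if isinstance(data, dict):
            settings[str(path)] = list(flatten(data))
    return settings

def endpoints(settings):
    """Return (file, key_path, value) for strings that look like a remote endpoint."""
    return [(name, key, value)
            for name, pairs in settings.items() for key, value in pairs
            if isinstance(value, str) and ("://" in value or ENDPOINT_KEY.search(key))]

if __name__ == "__main__":
    found = load_settings(sys.argv[1] if len(sys.argv) > 1 else MANAGED_PREFS)
    for name, pairs in found.items():
        print(name, *(f"  {key} = {value!r}" for key, value in pairs), sep="\n")
    for name, key, value in endpoints(found):
        print(f"possible endpoint: {name}: {key} = {value!r}")
```

The script only shows what is stored locally in that directory; rules that are evaluated in the cloud, as described under #3, will not appear in its output.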