Using the device control policy sample builder - Arkthos/The-Escalation-Protocol GitHub Wiki
This interactive Python script helps you build basic examples of Microsoft Defender for Endpoint (MDE) device control policies. It guides you through selecting common device types, access rules, and exception conditions, and outputs a well-formed JSON policy structure (groups, rules, and settings) that can be deployed via Jamf or Intune. Well-formed is not the same as schema-valid: the output still has to be checked with the Defender CLI before it goes anywhere near a managed device.
⚠️ IMPORTANT:
This tool is intended for illustration and prototyping purposes only. It is not a production-ready policy generator. Use it to explore and understand the JSON structure of device control policies, not as a replacement for manual policy design and validation.
- Supports both Jamf and Intune deployment scenarios
- Interactive prompts for:
  - Device types (USB, Bluetooth, Printers, Storage)
  - Access control types (read, write, execute)
  - Enforcement actions (`allow`, `deny`, `auditDeny`)
  - Vendor/Product ID exceptions
  - Additional fields like `serialNumber` and `interfaceClass`
- Generates a complete JSON policy with `groups`, `rules`, and `settings` sections
- Saves the output to your Desktop or prints it to the screen
- Offers a preview of the policy before saving
- Python 3.6+
- macOS, Linux, or Windows with write access to the desktop
- Download the script: `device_control_policy_generator.py`
- Run it in a terminal:

  ```bash
  python3 device_control_policy_generator.py
  ```

- Answer the interactive prompts:
  - Choose one or more device types to control
  - Specify access types (write, read, execute)
  - Define enforcement actions and exceptions
  - Optionally preview the final JSON before saving
- The script will attempt to save the generated policy as `~/Desktop/device_control_policy.json`

Once generated, validate the policy on a macOS device with the Microsoft Defender CLI:

```bash
mdatp device-control policy validate --path ~/Desktop/device_control_policy.json
```
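To make the `groups` / `rules` / `settings` structure concrete, here is an added example that builds the most common policy shape by hand: deny all removable media, with an exception group for one approved vendor/serial, plus a small structural lint for the things the wiki's script leaves unchecked (every group a rule references actually exists, IDs are unique, enforcement names are ones the schema knows). This is example code written for this page, not the `device_control_policy_generator.py` script or Microsoft's sample code. Field names follow Microsoft's published macOS device control JSON schema as I know it; the vendor ID `0781`, serial `CORP-0001`, group names and the `navigationTarget` URL are constructed sample values, and the output must still be run through `mdatp device-control policy validate` before deployment.

```python
"""Minimal MDE (macOS) device control policy builder with a structural lint.

Added example for this wiki page: it is NOT the device_control_policy_generator.py
script described above. Field names follow Microsoft's published macOS device
control JSON schema (groups / rules / settings with "$type" clauses) as I know it;
the vendor ID, serial number, group names and URL below are constructed samples.
Run `mdatp device-control policy validate --path <file>` on the output before use.
"""
import json
import uuid

VALID_ACCESS = {"read", "write", "execute"}
VALID_ENFORCEMENT = {"allow", "deny", "auditAllow", "auditDeny"}


def device_group(name, clauses, match="all"):
    """A group is a named query over device attributes; `match` is "all" or "any"."""
    return {"$type": "device", "id": str(uuid.uuid4()), "name": name,
            "query": {"$type": match, "clauses": clauses}}


def entry(enforcement, access, options=None):
    """One rule entry: which enforcement applies to which access types."""
    if enforcement not in VALID_ENFORCEMENT:
        raise ValueError(f"unknown enforcement {enforcement!r}")
    unknown = set(access) - VALID_ACCESS
    if unknown:
        raise ValueError(f"unknown access type(s): {sorted(unknown)}")
    e = {"$type": "removableMedia", "id": str(uuid.uuid4()),
         "enforcement": {"$type": enforcement}, "access": sorted(access)}
    if options:  # audit enforcements take options such as send_event / show_notification
        e["enforcement"]["options"] = list(options)
    return e


def build_policy(groups, rules, default_enforcement="allow"):
    """Assemble the three top-level sections the page's generator emits."""
    return {
        "groups": groups,
        "rules": rules,
        "settings": {
            "features": {"removableMedia": {"disable": False}},
            "global": {"defaultEnforcement": default_enforcement},
            "ux": {"navigationTarget": "https://example.invalid/usb-policy"},  # constructed
        },
    }


def sample_policy():
    """Deny all removable media except one approved vendor/serial (constructed IDs)."""
    all_removable = device_group("All removable media",
                                 [{"$type": "primaryId", "value": "removable_media_devices"}])
    approved = device_group("Approved corporate USB",
                            [{"$type": "vendorId", "value": "0781"},          # constructed
                             {"$type": "serialNumber", "value": "CORP-0001"}],  # constructed
                            match="all")  # both attributes must match for the exception
    rule = {
        "id": str(uuid.uuid4()),
        "name": "Deny removable media unless approved",
        "includeGroups": [all_removable["id"]],
        "excludeGroups": [approved["id"]],
        "entries": [
            entry("deny", ["read", "write", "execute"]),
            entry("auditDeny", ["read", "write", "execute"],
                  options=["send_event", "show_notification"]),
        ],
    }
    return build_policy([all_removable, approved], [rule])


def lint_policy(policy):
    """Structural checks the wiki's generator does not do: IDs unique, group refs resolve."""
    problems = []
    group_ids = [g["id"] for g in policy["groups"]]
    if len(group_ids) != len(set(group_ids)):
        problems.append("duplicate group id")
    for rule in policy["rules"]:
        for ref in rule["includeGroups"] + rule["excludeGroups"]:
            if ref not in group_ids:
                problems.append(f"rule {rule['name']!r} references unknown group {ref}")
        if not rule["entries"]:
            problems.append(f"rule {rule['name']!r} has no entries")
        for e in rule["entries"]:
            if e["enforcement"]["$type"] not in VALID_ENFORCEMENT:
                problems.append(f"rule {rule['name']!r}: bad enforcement {e['enforcement']}")
    return problems


def policy_json(policy):
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    p = sample_policy()
    assert not lint_policy(p), lint_policy(p)
    print(policy_json(p))  # redirect to a file, then run mdatp device-control policy validate
```

The exception is expressed the way the schema intends: the approved device is its own group and goes in `excludeGroups`, rather than being special-cased in the entry. Pairing a `deny` entry with an `auditDeny` entry is what produces both the block and the telemetry/notification; a `deny` on its own is silent. The lint only catches dangling references and typos in enforcement names; it is no substitute for the CLI validator.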
- This tool does not validate policies against the full schema, so test carefully.
- Generated policies are basic templates and may need additional customization before real-world deployment.
- Only a subset of device identification methods is supported (e.g., no `friendlyName`, `interfaceSubClass`, etc.).
This tool is provided as-is for educational and advisory use only.
By using it, you acknowledge:
- You are responsible for testing and validating the output.
- Microsoft support does not cover the use of custom policy generators.
- For production scenarios, consult your CSAM or official Microsoft documentation.
- Microsoft Defender for Endpoint: Device Control on macOS
- Microsoft GitHub: JSON Schema & Sample Policies
Suggestions or bug reports? Feel free to share ideas for improvement with your engineering team or automation lead.