Overview
Due to Apple privacy restrictions, administrators must grant full disk access permissions to the insider risk and backup agents to enable Incydr security monitoring and file preservation. This article shows you how to confirm full disk access permissions are configured correctly.
Confirm full disk access status
The Incydr API enables you to confirm if full disk access permissions are configured correctly for both a specific device and an entire organization.
The examples below assume basic familiarity with curl commands.
Incydr Developer Portal
See the Developer Portal for more API documentation and resources. The portal provides:
- A single access point for documentation of methods for Incydr, including the REST API, Incydr SDK, and command-line interface (CLI)
- A single request URL for API calls to each cloud instance
- API reference documentation
Use the Developer Portal for your API needs as much as possible. APIs in the portal are the preferred way to integrate with Incydr. If you use APIs that do not appear on the Developer Portal, contact our Technical Support Engineers for guidance on the best way to integrate with Incydr.
Single device
To check the status of a single device, use this as a template to create a command specific to your Incydr environment:
curl -X GET \
  '<request_url>/api/v12/agent-state/view-by-device-guid?deviceGuid=<deviceGuid>&propertyName=fullDiskAccess' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <auth_token>'
- Replace <request_url> with the address of your Incydr environment (do not include the brackets in your request).
- Replace <deviceGuid> with the numeric ID of the device you want to review (do not include the brackets in your request). To find this ID, view the device details in the Incydr console and copy the numeric string listed under the device name.
- Replace <auth_token> with an authentication token.
- Execute the curl command in your command-line tool of choice. When prompted, enter your password.
- Review the data object in the response. A value of true indicates full disk access is enabled. A value of false indicates full disk access is not enabled. The sample response below confirms full disk access is enabled for deviceGuid 1123581321345589144:
[{"deviceGuid":"1123581321345589144","name":"fullDiskAccess","value":"true"}]
All devices in an organization
To check the status of all devices in an organization, use this as a template to create a command specific to your Incydr environment:
curl -X GET \
  '<request_url>/api/v12/agent-state/view-by-organization-id?orgId=<OrgID>&propertyName=fullDiskAccess' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <auth_token>'
- Replace <request_url> with the address of your Incydr environment (do not include the brackets in your request).
- Replace <OrgID> with the numeric ID of the organization you want to review (do not include the brackets in your request). To find this ID, export a CSV file containing the organization's data and locate the orgId value in the exported file.
- Replace <auth_token> with an authentication token.
- Execute the curl command in your command-line tool of choice. When prompted, enter your password.
- Review the data object for each device included in the response. A value of true indicates full disk access is enabled. A value of false indicates full disk access is not enabled. The sample response below indicates full disk access is enabled for the first device and not enabled for the second device:
{"deviceGuid":"1123581321345589144","name":"fullDiskAccess","value":"true"},{"deviceGuid":"23337761098715972584","name":"fullDiskAccess","value":"false"}