SWIF.ai

The Apple USB Policy allows administrators to control USB functionality on managed macOS devices. This policy is designed for organizations that need to restrict data transfer, prevent unauthorized USB peripherals, or enhance security by limiting external device access.

This is especially useful in environments with strict compliance requirements (e.g., SOC 2, HIPAA, PCI DSS, ISO 27001) or where USB usage must be tightly controlled.

___________________________________________________________

USB ports provide convenient connectivity for peripherals and storage devices, but they can also introduce significant security risks, such as:

Malware introduced via USB storage devices

Unauthorized hardware, such as keyboards or network adapters

- Data exfiltration via removable drives
- Malware introduced via USB storage devices
- Unauthorized hardware, such as keyboards or network adapters

The Apple USB Policy provides IT admins with a simple, centralized way to block USB functionality on macOS devices enrolled in Swif.ai.

Controls whether USB functionality is allowed on the device.

When USB is disabled, essential built-in components (keyboard, trackpad, internal devices) are not affected.

USB power remains functional (for charging), but data transfer is blocked.

Requires macOS 12.0+ for enforcement.

- When USB is disabled, essential built-in components (keyboard, trackpad, internal devices) are not affected.
- USB power remains functional (for charging), but data transfer is blocked.
- Requires macOS 12.0+ for enforcement.

Enable USB restrictions when you need to:

Prevent data loss or unauthorized copying

Restrict use of untrusted external devices

Comply with security frameworks requiring removable media controls

Harden security on devices in high-risk environments (labs, retail, kiosks, manufacturing, finance, healthcare, etc.)

Prevent users from connecting USB mass storage or rogue USB injection devices

- Prevent data loss or unauthorized copying
- Restrict use of untrusted external devices
- Comply with security frameworks requiring removable media controls
- Harden security on devices in high-risk environments (labs, retail, kiosks, manufacturing, finance, healthcare, etc.)
- Prevent users from connecting USB mass storage or rogue USB injection devices

Navigate to Policies → Create New Policy

Set Disable USB to True or False depending on your security requirements

Assign the policy to devices or device groups

1. Open the Swif Admin Console
2. Navigate to Policies → Create New Policy
3. Select Apple USB Policy
4. Set Disable USB to True or False depending on your security requirements
5. Click Continue
6. Assign the policy to devices or device groups
7. Save and apply

Devices will apply the new USB restrictions during their next MDM sync.

Combine USB blocking with Apple Security, Firewall, and Disk Encryption policies for comprehensive protection

Use device groups to apply USB restrictions based on department or security level

Test USB restrictions on a pilot group before organization-wide rollout

Ensure users understand that charging still works, but data transfer is restricted

- Combine USB blocking with Apple Security, Firewall, and Disk Encryption policies for comprehensive protection
- Use device groups to apply USB restrictions based on department or security level
- Test USB restrictions on a pilot group before organization-wide rollout
- Ensure users understand that charging still works, but data transfer is restricted

USB still appears to work after enabling the policy

Confirm the device has checked in with MDM recently

Rebooting the device may help apply restrictions immediately

- Ensure the device is on macOS 12+
- Confirm the device has checked in with MDM recently
- Rebooting the device may help apply restrictions immediately

This should not happen; USB restrictions only apply to external peripherals

If observed, verify that the device is using genuine Apple hardware (especially on laptops)

- This should not happen; USB restrictions only apply to external peripherals
- If observed, verify that the device is using genuine Apple hardware (especially on laptops)

Apple USB Policy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Setting	Behavior
True	USB functionality is disabled. New USB devices cannot connect, and data transfer is blocked.
False	USB functionality remains enabled.

Apple USB Policy

Overview

Requirements

Configurable Settings

Disable USB

When to Use This Policy

How to Configure

Best Practices

Troubleshooting

USB still appears to work after enabling the policy

Built-in keyboard/trackpad stops working