In this post, we will see how to Block USB Device Access in Microsoft Intune, aka Endpoint Manager. As an organization, It’s important to understand all security aspects to protect and be safe.
You can block access to USB storage to restrict copying the data to USB devices and control the use of unauthorized USB devices in your corporate network.
With the settings for device control, you can configure devices for a layered approach to secure removable media.
Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices.
You can check more Windows 10 Security Enhancements and Security Survey that will give you more details on what the industry is thinking about modern security threats and how they plan to handle them for their environment.
Block USB Device Access using Intune
Let’s follow the below steps to block USB Device Access using Intune –
- Sign in to the Microsoft Endpoint Manager admin center
- Select Endpoint security > Attack surface reduction > Create Policy.
In Create Profile, Select Platform, Windows 10 and later and Profile, Device control. Click on Create button.
On the Basics tab, enter a descriptive name, such as USB Device Restriction – Windows 10. Optionally, enter a Description for the policy, then select Next.
On the Configuration settings, Scroll down the lists of available device control settings and Configure Block removable storage to Yes. This policy will block the use of removable storage on the device. And Click Next.
In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
Under Assignments, In Included groups, select Add groups and then choose Select groups to include one or more groups. Select Next to continue.
In Review + create, review your settings. When you select Create, your changes are saved, and the policy is assigned.
A notification will appear automatically in the top right-hand corner with a message. Here you can see, Profile was created successfully. The policy is also shown in the list as shown below.
Your groups will receive your policy settings when the devices check-in with the Intune service.
End User Experience
Once the policy applies to the device, users will not access removable storage devices connected with the system.
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.