Forum Discussion
Blocking USB slots in Intune
Hilmar Hi, to force sync you can use this command:
intunemanagementextension://syncapp
I also recommend this feature if you want the refresh to be done more often:
Administrative templates are mostly used for compatibility with Windows 10; if your devices are Windows 11, it is definitely better to use endpoint security, which is the evolution of administrative templates and allows for more modern device management.
If you want to lock the usbs at startup, you will have to go to work on the bios.
Through Intune, some manufacturer (e.g.Dell), gives the ability to create configuration files and then deploy to devices in a centralized wayhttps://learn.microsoft.com/it-it/mem/intune/configuration/bios-configuration
I hope I have been helpful to you
micheleariis Hi micheleariis,
thank you for your very helpfull answer.
I have set the config refresh profile and will monitor its work.
Because we mostly use win11 clients, I will stay with the endpoint security.
Thanks a lot.
Have a nice weekend.
Hilmar
micheleariis am I guessing right, after I have blocked the USB slots, I cant just open em again by removing the user group out of the policy? Just for testing purposes.
I removed the group-assignment and synchronised again, but the client-USBslots are still blocked.
next step will be to generally allow any camera (by class ID) and in a third step allow just a speciffic camera.
We will see how that works.