Forum Discussion
Intune USB removable storage block - side effect on remote USB sharing devices
Hi everyone!
We have some compliance constraints that require us to block removable USB storage. Basically, have any of you faced this, and how did you tackle it?
For reference, we enforced the block policy by creating an Intune (no GPO) configuration profile this way for Windows 10 devices:
Device configuration profile > Configuration settings > General > Removable storage > Block
There are some side effects to this: hardware USB devices that onboard some drivers will be blocked.
We saw this with some remote screen sharing devices. We tried allowing those devices with the following policy:
Device configuration profile > Administrative Templates > System > Device Installation > Device Installation Restrictions > Allowed device IDs: "<List of hardware IDs>"; Allow installation of devices that match any of these device IDs: "Enabled"
But we are still having issues right now.
- Overall, there seem to be multiple ways to block removable USB storage in Intune - it is not always super clear what the pros/cons are for each of them. Does the one currently implemented allow whitelisting specific devices?
- And what is your feedback on this if you are currently implementing this / have already worked on this topic?
Thank you!
1 Reply
- Kabukirose (Copper Contributor)
Update: we tried using "All Removable Storage classes: Deny all access" with "Allow installation of devices that match any of these device IDs" and "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" all together.
For now the issue still remains; the whitelisted hardware IDs still seem to be unusable somehow.
Does anyone else have a similar setup? Or another suggestion?
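
A diagnostic for the setup described in this thread, as an added example that is not from either post: it shows whether the three Administrative Templates settings reached the device and whether a blocked device's hardware or compatible IDs match an entry in the allow list. It assumes the standard registry locations these ADMX settings write to and an elevated PowerShell session on the affected device; `$NamePattern` is a hypothetical filter to adjust.

```powershell
# Added diagnostic example; not from the thread. Run elevated on an affected device.
# Assumption: $NamePattern is a wildcard matching the blocked device's friendly name.
$NamePattern = '*'

# Standard policy locations for the Device Installation Restrictions and
# Removable Storage Access administrative templates.
$restrictions = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$removable    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (setting not delivered).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-PolicyList([string]$Path) {
    # List-type settings are stored as numbered string values under a subkey.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() | ForEach-Object { $key.GetValue($_) } }
}

# 1 = enabled, empty = not configured on this device.
[pscustomobject]@{
    AllowDeviceIDs   = Get-PolicyValue $restrictions 'AllowDeviceIDs'
    AllowDenyLayered = Get-PolicyValue $restrictions 'AllowDenyLayered'
    DenyAllRemovable = Get-PolicyValue $removable 'Deny_All'
} | Format-List

# The allow list as the device actually received it.
$allowed = @(Get-PolicyList "$restrictions\AllowDeviceIDs")
"Allow list entries on this device: $($allowed.Count)"

# Compare every ID each matching device reports against the allow list.
Get-PnpDevice -FriendlyName $NamePattern | ForEach-Object {
    $dev = $_
    $ids = @()
    foreach ($k in 'DEVPKEY_Device_HardwareIds', 'DEVPKEY_Device_CompatibleIds') {
        $ids += (Get-PnpDeviceProperty -InstanceId $dev.InstanceId -KeyName $k `
                 -ErrorAction SilentlyContinue).Data
    }
    [pscustomobject]@{
        Name              = $dev.FriendlyName
        Class             = $dev.Class
        Status            = $dev.Status
        MatchedAllowEntry = ($ids | Where-Object { $_ -in $allowed }) -join '; '
        ReportedIds       = $ids -join '; '
    }
} | Format-List
```

An empty `MatchedAllowEntry` for the screen sharing device means none of the IDs it reports appear in the delivered allow list.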