Forum Discussion

PJR_CDF's avatar
PJR_CDF
Iron Contributor
Nov 22, 2022

Device Control via Endpoint Security > Attack Surface Reduction > Device Control in Intune

Hi,   I have spent the last 2 days testing configuring USB Device Control for devices in Intune. I initially used the OMA-URI method that involves manual creation of XML files (Yuck!) managed to ge...
PJR_CDF's avatar
PJR_CDF
Iron Contributor
Jan 10, 2023
feedback from my support case last week is it's not fixed yet.
I tried it again yesterday to test and it was still broken with the same error 😞
keith-mad's avatar
keith-mad
Copper Contributor
Feb 01, 2023
Hello PJR_CDF I have managed to deploy a simple Device Control Block policy using the new Reuseable settings. They seemed to have fixed something in the backend. I have deployed a BlockAll USB policy using ReuseableSettings and it has worked. I have not tested anything else in terms of allowing certain USBs, or complex DC policies.

Hopefully Microsoft has fixed it all.
  • PJR_CDF's avatar
    PJR_CDF
    Iron Contributor
    Feb 01, 2023
    Thanks - I did receive a response from support saying its fixed and to retest but hadnt had chance to try.

    For ref they advised to recreate the policy from scratch to ensure it works and not just retest your original policy.
    • PatrickF11's avatar
      PatrickF11
      MCT
      May 24, 2023

      PJR_CDF 

      Same issue here. Today i've tested this feature.

      I've configured everyhting as microsoft mentioned in their learn article.

       

      As soon as there is no block for any removable devices / "RemovableMediaDevices" i got the same issue in eventlog as you did: (invalid class string)

       

      MDM ConfigurationManager: Command failure status. Configuration Source ID: (F3156709-A590-4342-AD16-95EB0ADBFDBC), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (defender), Command Type: (Add: from Replace or Add), CSP URI: (./vendor/msft/defender/configuration/devicecontrol/policyrules/ruledata), Result: (Invalid class string).

       

       As soon as i've deleted this entry (so only the allow and audit allow entry) there are no issues in eventlog. When re-adding the block/audit blocked the issue re-apprears.

       

      It seems that the initial solved issue is back again....

      (Opened up a Support request, too.)

      • PatrickF11's avatar
        PatrickF11
        MCT
        Jun 05, 2023
        Just a quick follow-up: The MS Support has confirmed the issue on their end.

Resources