Alistair Trigg
Brass Contributor
Jan 14, 2021

Manage USB Devices with Intune/Endpoint Manager

Hi

We have just rolled out our new laptops using Autopilot and managed through Intune. I want to use Endpoint Manager to create some prevent/allow rules to manage USB devices, i.e. I want to block everything but allow exceptions, i.e. all keyboards, mice etc., but only particular models of phones or USB storage devices.

I thought of using "Allow installation of devices that match any device id" and the "Prevent installation of devices not described".

This doesn't seem to block drives that are already installed. Is there a way of doing this?

Thanks, Alistair

1 Reply

  • For a quick reply, this is tough to manage and I do not think the device would be smart enough to know that the allowed USB connection is already plugged in.
    I think you're talking about this: https://docs.microsoft.com/en-us/troubleshoot/mem/intune/restrict-usb-with-administrative-template

    It seems like you need to either block removable drives or block the write access.
    Device Configuration --> Profiles --> Endpoint Protection --> Windows Encryption
    That should give you the USB settings to block them.
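
The question above concerns devices that were installed before the allow-list policy arrived. As an added example (not from the thread or from Microsoft's article), this PowerShell audit lists connected USB devices that have no hardware or compatible ID on the allow list. The registry path and the `AllowDeviceIDs` subkey layout are assumptions to verify on your build, the function names are hypothetical, and the sample devices and IDs are constructed.

```powershell
# Added example: audit connected USB devices against the device-ID allow list.
# Assumption: the allow-list policy stores its IDs under this key's AllowDeviceIDs subkey.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-AllowedDeviceId {
    # Allowed IDs are read from the string values of the AllowDeviceIDs subkey.
    $key = Join-Path $PolicyKey 'AllowDeviceIDs'
    if (-not (Test-Path $key)) { return @() }
    $item = Get-Item $key
    @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
}

function Find-UnlistedDevice {
    param([object[]]$Devices, [string[]]$AllowedIds)
    foreach ($d in $Devices) {
        # A device counts as listed when any hardware or compatible ID is on the list
        # (-contains compares case-insensitively).
        $ids = @(@($d.HardwareID) + @($d.CompatibleID) | Where-Object { $_ })
        if (-not ($ids | Where-Object { $AllowedIds -contains $_ })) {
            [pscustomobject]@{
                Name       = $d.FriendlyName
                InstanceId = $d.InstanceId
                Ids        = $ids -join '; '
            }
        }
    }
}

# Constructed sample devices and allow list, so the logic runs without a policy in place.
$sample = @(
    [pscustomobject]@{ FriendlyName = 'Constructed keyboard'
        InstanceId   = 'USB\VID_0000&PID_0001\0001'
        HardwareID   = @('USB\VID_0000&PID_0001')
        CompatibleID = @('USB\Class_03') }
    [pscustomobject]@{ FriendlyName = 'Constructed flash drive'
        InstanceId   = 'USBSTOR\Disk&Ven_Example&Prod_Drive\0001'
        HardwareID   = @('USBSTOR\DiskExample_Drive')
        CompatibleID = @('USBSTOR\Disk', 'GenDisk') }
)
$sampleAllow = @('USB\Class_03')   # constructed allow list: HID class compatible ID
Find-UnlistedDevice -Devices $sample -AllowedIds $sampleAllow

# Live check on a managed laptop (uncomment to run):
# $usb = Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -match '^USB(STOR)?\\' }
# Find-UnlistedDevice -Devices $usb -AllowedIds (Get-AllowedDeviceId)
```

Devices reported by the live check are the ones still working from an earlier installation even though their IDs are not on the allow list.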
