MDE Device Control – USB stick still accessible even after blocking policy applied

hi alex_ri141​ try below

1. Switch to Device Control → Removable Storage Access Control in MDE/Intune.
• Define allow/block rules by Vendor ID or Product ID (from Hardware ID).
• Example: USBSTOR\Disk&Ven_Intenso&Prod_Basic_Line
2. Pilot first with a test group before rolling out org-wide.
3. Combine with auditing/logging to verify rules are applied (check DeviceControl CSP logs or MDE reports).

Ans:

• Correct ID? → Use Hardware ID (or Vendor/Product IDs extracted from it), not just Device Instance ID.
• Installation Restrictions? → Yes, they only stop new driver installs, not block existing devices.
• Use newer Device Control? → Yes — for blocking access to USB storage, use Removable Storage Access Control (MDE Device Control policy).

Migrate from “Device Installation Restrictions” to “Device Control – Removable Storage Access Control” in Intune. That’s the modern, supported way to enforce USB stick allow/deny policies.