Hi there,
So, we've tried to deploy storage device management in the company that was supposed to block all storage devices (USB, ext HDD etc.) and allow specific approved devices using this document https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-restrict-usb but an MS Support person told us the Intune controls in the doc are for preventing installation of all system devices (and drivers, surprise!), not just USBs. Even with all the GUIDs in the doc added as 'allowed' in Intune, we had a pretty crappy month of WiFi, graphics, BT, sound, printers and even monitors blocked by this policy.
I've tried using this doc (Intune > Scenario 1) https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide#scenario-1-prevent-write-and-execute-access-to-all-but-allow-specific-approved-usbs-1 but it doesn't work. The reusable settings are in the registry, but the 'allowed' devices are still being blocked on Windows 10. Also, the policy is entirely non-functional on Windows 11 - it doesn't even block the storage devices even with the registry keys present.
I've raised 2 tickets about this and after 4 weeks now, there isn't even an agent assigned to the cases. Can someone please advise? We are on 300+ licenses E3 + E5 Security which is tons of money and we can't even get simple 1st-line support.
Thanks.