Manage USB Devices with Intune/Endpoint Manager


Hi

 

We have just rolled out our new laptops using Autopilot and managed through Intune. I want to use Endpoint Manager to create some prevent/allow rules to manage USB devices, i.e. I want to block everything but allow exceptions, i.e. all keyboards, mice etc. but only particular models of phones or USB storage devices.

 

I thought of using "Allow installation of devices that match any device id"

and the "Prevent installation of devices not described"

This doesn't seem to block drives that are already installed. Is there a way of doing this?

 

Thanks Alistair

1 Reply
For a quick reply, this is tough to manage and I do not think the device would be smart enough to know that the allowed USB connection is already plugged in.
I think you're talking about this: https://docs.microsoft.com/en-us/troubleshoot/mem/intune/restrict-usb-with-administrative-template

It seems like you need to either block removable drives or block the write access.
Device Configuration --> Profiles --> Endpoint Protection --> Windows Encryption
That should give you the USB settings to block them.
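
Added example, not part of the original thread: a read-only PowerShell audit that lists USB devices Windows has already installed (connected or not) and marks which ones an allow list would not cover, which is the set the question says the policy leaves untouched. The allowed classes and the hardware IDs are constructed placeholders, and the function name is hypothetical; replace them with the values used in your own profile.

```powershell
# Added example: audit already-installed USB devices against an allow list.
# Assumption: the class names and hardware IDs below are placeholders.
$AllowedClasses     = @('HIDClass', 'Keyboard', 'Mouse')
$AllowedHardwareIds = @(
    'USB\VID_0000&PID_0001',   # placeholder: approved USB storage model
    'USB\VID_0000&PID_0002'    # placeholder: approved phone model
)

function Test-UsbDeviceAllowed {
    # True when the device class is allowed or any of its hardware IDs
    # is an exact (case-insensitive) match for an allowed ID.
    param(
        [string]   $Class,
        [string[]] $HardwareIds,
        [string[]] $AllowedClasses,
        [string[]] $AllowedHardwareIds
    )
    if ($AllowedClasses -contains $Class) { return $true }
    foreach ($id in $HardwareIds) {
        if ($AllowedHardwareIds -contains $id) { return $true }
    }
    return $false
}

# Get-PnpDevice without -PresentOnly also returns devices that were
# installed earlier and are currently unplugged (Status 'Unknown').
$report = Get-PnpDevice |
    Where-Object { $_.InstanceId -match '^USB(STOR)?\\' } |
    ForEach-Object {
        $ids = (Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                    -KeyName 'DEVPKEY_Device_HardwareIds' `
                    -ErrorAction SilentlyContinue).Data
        [pscustomobject]@{
            Allowed      = Test-UsbDeviceAllowed -Class $_.Class -HardwareIds $ids `
                               -AllowedClasses $AllowedClasses `
                               -AllowedHardwareIds $AllowedHardwareIds
            Status       = $_.Status
            Class        = $_.Class
            FriendlyName = $_.FriendlyName
            HardwareIds  = $ids -join '; '
        }
    }

# Devices with Allowed = False are the ones to review. Hubs and host
# controllers also appear here, so check each entry before acting on it.
$report | Sort-Object Allowed, Class | Format-Table -AutoSize -Wrap
```

The script changes nothing on the machine; the hardware IDs it prints are in the same format the "Allow installation of devices that match any device id" setting expects.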