Using Intune and MDE to control removable storage devices


Hi, I want to restrict the use of removable storage devices (USB drives) for all of our users as follows:

1. Allow users READ-ONLY access to any removable storage device; and,

2. Allow selected users READ & WRITE access to selected removable storage devices only.

Which is the better approach to fulfill this requirement: using Device Control in Attack Surface Reduction, or creating XML files with Configuration Profiles in Intune?

By the way, I am using the second approach (using XML files and applying them through the Configuration Profiles). However, the implementation status is Remediated and it has kept the same status for more than 48 hours. Do you have any idea regarding this status in Intune? The attached figures in my post are screenshots of the current implementation statuses at our site.

[Attached screenshots: Screenshot 2022-04-13 083626.png, Screenshot 2022-04-13 083437.png]

2 Replies