I have usb policy when i include in include groups its getting block but when i exclude i not block

Copper Contributor

I have a USB policy which I made with the help of configuration profiles. Here the devices are AD-joined laptops. The issue happening in my tenant is that my USB devices are getting blocked properly but when I want to unblock those devices it throws an error: the device is still in a blocked state. I am attaching screenshots for your reference.





3 Replies
Excluding the devices from a policy will not necessarily revert the settings. You are looking at creating a separate policy to do the opposite of the enable policy and assign that to the intended set of devices.
Problem: USB drives are getting blocked when you try to unblock the same device, and it remains in the blocked state within a single policy.

then what is the option of excluded devices? theoretically, it should work. can you help me with an article that can suggest that excluding devices will not revert as you mentioned because then we have to make two separate policies which is not preferable.
the issue that i am facing here is that I want a single policy where the USB should be blocked for some devices and it should not be blocked. Once it is in the included group usb drives are getting blocked when I try to unblock the same device. it still remains in the blocked state. Please provide me solution in single policy
The behaviour depends on the CSP. Which is why I mentioned earlier that the settings may not necessarily revert. Here is a little something provided officially that may of some help. https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#a-profile-is-...