Intune Device restriction (USB Block) Showing not applicable

We have configured USB block policy using device restrictions in Intune and deployed to All devices and Users but policy saying it is not applicable for device/users
FYI. we are using windows 10 1909 build.
10 Replies

Hi @Mdrafik-Shaikh  - Hope you have configured via the policy under Device -> Configuration profiles -> Device Restriction -> General -> Removable storage to Block .

And assigned it to all users & devices in the assignment?


As per Microsoft, this policy is compatible with the below editions and windows 10 1909 build. 



Can you add the screenshot of your configuration  & status to your question to understand the scenario better?




I have configured same. Please check attached screen shots




What happens when you manually configure this setings with a csp? 




not applicable : You would think you don't have the proper windows version?


This policy isn't supported on this platform. For example, iOS/iPadOS policies don't work on Android. Samsung KNOX policies don't work on Windows devices.


And when I am looking at the pictures, its co managed. Is this your first device configuration profile


Co-management workloads - Configuration Manager | Microsoft Docs


You don't have to switch the workloads, or you can do them individually when you're ready. Configuration Manager continues to manage all other workloads, including those workloads that you don't switch to Intune, and all other features of Configuration Manager that co-management doesn't support

Hi @Rudy_Ooms_MVP ,


Yes, its co-managed and moved all workload to Intune except application and windows updates.

All Configured policies working fine, ie. Endpoint Antivirus policy, ASR, Baseline policy only USB policy having some issue.

Im using following windows version.


I will check with CSP and update.






I tried manully with CSP and it is not working









What's the DeviceManagement-Enterprise-Diagnostic-Provider event log showing? most of the times it could tell you a lot more... Try to sync the device and watch the event log

@Rudy_Ooms_MVP Policy issue has been resolved, we have reconfigured the co-management and moved Resource access, Endpoint protection and device configuration to Intune.

@Mdrafik-Shaikh Glad that it is working for you and thanks for taking the time to update. Did you found out the thing which caused the policy failure, it will be helpful for the members.

Hi, thanx for your response. So if I understand it correctly... so the issue was there were still some workloads not moved to Intune like the link I posted?

@Rudy_Ooms_MVP Yes, Device configuration workload.